Simple College Website 1.0 — RFI

Root cause Analysis and Hacking

/admin/index.php

Condition:

  1. To allow inclusion of remote files, the directive allow_url_include must be set to On in php.ini.

exploit.php

Burp Req/Res

Remediation

  1. Authenticate requests made by the user.
  2. Check the file location when including a file.
  3. Disable allow_url_include.
  4. Sanitise and validate input.
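
The four remediation steps combined in one include handler, as an added example that is not code from Simple College Website or from the original post. The `page` parameter name, the `pages/` directory, the allowlist entries and the `user_id` session key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: includable page templates live in ./pages next to this script.
const PAGES_DIR = __DIR__ . '/pages';
// Hypothetical allowlist of page names; anything else is rejected.
const ALLOWED_PAGES = ['home', 'courses', 'students'];

// Map a user-supplied page name to a local file path, or null if rejected.
function resolve_page(string $requested, string $baseDir, array $allowed): ?string
{
    // Validation: exact match against the allowlist, so URLs, stream wrappers
    // (http://, php://, data:) and path separators never reach the include.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // Location check: canonicalise and confirm the file sits under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Fail closed if the runtime still permits remote includes.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    http_response_code(500);
    exit('allow_url_include must be Off');
}

session_start();
// Authentication: 'user_id' is a hypothetical session key set at login.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

$requested = $_GET['page'] ?? 'home';   // 'page' is an assumed parameter name
$file = resolve_page(is_string($requested) ? $requested : '', PAGES_DIR, ALLOWED_PAGES);
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
require $file;
```

The allowlist is the primary control here; the realpath check and the allow_url_include guard remain as backstops in case the list is later loosened or the server configuration drifts.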

Gowthamaraj