RFI Complete tutorials

Assalam-0-Alaikum,

Zulqurnain jutt here i am going to Teach some amazing series RFI tutorials and INSHALLAH complete it Soon.

 i have learned much new things from it. sp1der,Ment@l_Mind,and others

And Today i am going To share My ideas with you guyz i have decided to share a complete A-Z tutorial and divided it into Following SERIES:

1. Beginning of  RFI
2. Finding And Exploiting RFI vulnerabilities
3. Securing RFI vulnerabilities

Overview:

WHAT IS RFI?

RFI means Remote file inclusion. RFI is a type of web application security hole.On the net, there are so many sites which are vulnerable to RFI.
In this tutorial, I am going to show you RFI with PHP.
PHP is a web script engine. Its the most widely used one so that's why I am using it in this tutorial.

Learn more about PHP:

php.net ,  en.wikipedia.org/wiki/PHP, OR BY Searching on google and youtube.


To understand what file inclusion is I am going to show a little example. This is an example site in PHP:

Code:


PHP Code:

$content = “Assalam-0-Alaikum And welcome to the H4ck3r Cracks”;
?>

This is a very basic page. But as your page expands you might want to put the individual pages in their own files and include them in the main file depending on user input. This way, when you got pages with perhaps 10k lines of PHP code you don't have to use hours looking
for the bit of code you want to edit/view.

By user input I mean things like a URL GET argument. A GET argument could look like this:

HTML Code:

www.site.com/index.php?page=index

In the above example the PHP script would see the “page=index” and then show the content of “index”. The “index” can be anything, can be a file, SQL value, hard-coded variable. If it is a file, then the PHP script is most likely using the include() function and that is file inclusion.