Author Topic: Evilzone's official RFI training script (Read 7951 times)

ceewwb · « **Reply #15 on:** July 11, 2011, 03:17:26 PM »

ahh now works thank you

so why people activate that option "allow remote inclusion" in the PHP config?

ande · « **Reply #16 on:** July 11, 2011, 03:20:33 PM »

Quote from: ceewwb on July 11, 2011, 03:17:26 PM

ahh now works thank you

so why people activate that option "allow remote inclusion" in the PHP config?

Some scripts require it in order to work, but to be honest. New or and updated servers does not got this option on.

ceewwb · « **Reply #17 on:** July 11, 2011, 04:46:53 PM »

Quote from: ande on July 11, 2011, 03:20:33 PM

Some scripts require it in order to work, but to be honest. New or and updated servers does not got this option on.

Thanks, you helped me a lot

eyMz19 · « **Reply #18 on:** July 22, 2011, 02:32:25 AM »

Bluntly, this is truly useless. Come on ande, don't you already know that we have passed the age of people having an include vulnerability (specially a remote include) on their scripts? What is past is past, we should simply forget about this flaw like we forgot how to crack windows 95 passwords.

ande · « **Reply #19 on:** July 22, 2011, 09:43:00 AM »

Quote from: eyMz19 on July 22, 2011, 02:32:25 AM

Bluntly, this is truly useless. Come on ande, don't you already know that we have passed the age of people having an include vulnerability (specially a remote include) on their scripts? What is past is past, we should simply forget about this flaw like we forgot how to crack windows 95 passwords.

Statement does not make sense.

Forget old knowledge? What would the world have come to then? You should always remember this type of flaw, you never know when you will encounter such a vulnerability. To bad for you if you just decided to forget it.

undead · « **Reply #20 on:** July 29, 2011, 11:40:42 AM »

I usually create my own scripts but I'll try this out. Thanks for sharing it

drago · « **Reply #21 on:** November 11, 2011, 03:50:35 AM »

thanks for info....
trying to catch the php , RFI and LFI....

but my doubt is that ..... is it to include your own php script to a host who is vulnerable to RFI or something else... just to know am i in right path or not

ande · « **Reply #22 on:** November 11, 2011, 12:13:57 PM »

Quote from: drago on November 11, 2011, 03:50:35 AM

thanks for info....
trying to catch the php , RFI and LFI....

but my doubt is that ..... is it to include your own php script to a host who is vulnerable to RFI or something else... just to know am i in right path or not

That is exactly what it is, you include your own PHP code on a host who was never ment to run your code. That is called a RFI (Remote File Inclusion) vulnerability. Read up on my RFI tutorial if you are unsure.