The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Eleven Years of Service
Posts: 242
Threads: 10
Points: 3.75NSP
RE: Advanced Exploitation Techniques 10-27-2013, 01:12 AM
#31
(08-11-2013, 02:51 PM)zomgwtfbbq Wrote: You could have told why RFI isn't so common these days and why allow_url_include is turned off.
Also your RFI example can't work unless you add a poison null byte to the url which will discard the php extension, otherwise:
http://yourevilsite.com/shell.txt > http://yourevilsite.com/shell.txt.php
I'm sorry to say this tutorial isn't so original, it's like every tutorial you come across nowadays is either xss, sqli, rfi or lfi related, while there are so many other types of vulnerabilities.
Don't want to sound negative but it's just the way I feel.
Totally agree with you , also I don't see any advanced methods, rfi,ssi or lfi aren't advanced at all.
Anyway it will come handy to some members.
If you need help , drop me a PM and I will help you with the best I can !
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
•
Eleven Years of Service
Posts: 242
Threads: 10
Points: 3.75NSP
RE: Advanced Exploitation Techniques 10-27-2013, 01:12 AM
#32
(08-11-2013, 02:51 PM)zomgwtfbbq Wrote: You could have told why RFI isn't so common these days and why allow_url_include is turned off.
Also your RFI example can't work unless you add a poison null byte to the url which will discard the php extension, otherwise:
http://yourevilsite.com/shell.txt > http://yourevilsite.com/shell.txt.php
I'm sorry to say this tutorial isn't so original, it's like every tutorial you come across nowadays is either xss, sqli, rfi or lfi related, while there are so many other types of vulnerabilities.
Don't want to sound negative but it's just the way I feel.
Totally agree with you , also I don't see any advanced methods, rfi,ssi or lfi aren't advanced at all.
Anyway it will come handy to some members.
If you need help , drop me a PM and I will help you with the best I can !
•
Eleven Years of Service
Posts: 242
Threads: 10
Points: 3.75NSP
RE: Advanced Exploitation Techniques 10-27-2013, 01:12 AM
#33
(08-11-2013, 02:51 PM)zomgwtfbbq Wrote: You could have told why RFI isn't so common these days and why allow_url_include is turned off.
Also your RFI example can't work unless you add a poison null byte to the url which will discard the php extension, otherwise:
http://yourevilsite.com/shell.txt > http://yourevilsite.com/shell.txt.php
I'm sorry to say this tutorial isn't so original, it's like every tutorial you come across nowadays is either xss, sqli, rfi or lfi related, while there are so many other types of vulnerabilities.
Don't want to sound negative but it's just the way I feel.
Totally agree with you , also I don't see any advanced methods, rfi,ssi or lfi aren't advanced at all.
Anyway it will come handy to some members.
If you need help , drop me a PM and I will help you with the best I can !
•
Eleven Years of Service
Posts: 242
Threads: 10
Points: 3.75NSP
RE: Advanced Exploitation Techniques 10-27-2013, 01:12 AM
#34
(08-11-2013, 02:51 PM)zomgwtfbbq Wrote: You could have told why RFI isn't so common these days and why allow_url_include is turned off.
Also your RFI example can't work unless you add a poison null byte to the url which will discard the php extension, otherwise:
http://yourevilsite.com/shell.txt > http://yourevilsite.com/shell.txt.php
I'm sorry to say this tutorial isn't so original, it's like every tutorial you come across nowadays is either xss, sqli, rfi or lfi related, while there are so many other types of vulnerabilities.
Don't want to sound negative but it's just the way I feel.
Totally agree with you , also I don't see any advanced methods, rfi,ssi or lfi aren't advanced at all.
Anyway it will come handy to some members.
If you need help , drop me a PM and I will help you with the best I can !
•
Users browsing this thread: 3 Guest(s)
![[Image: V7mYdF6.png]](http://i.imgur.com/V7mYdF6.png)