Archive for the ‘RFI’ Category

What does a phpshell look like?

After my last posting “(evil) Register Globals (on)“, I got an email asking what remote files look like and what they do. I call remote files “phpshells”. phpshells can send commands directly to the server system over http.

An easy version could be using a GET variable for a system call. Indeed, it’s enough to steal information, destroy pages and do other nasty stuff on a web server.

<?php
    system($_GET[‘cmd’]);
?>

The r57shell is the deluxe version of a phpshell. I added some pictures below. It’s an interface and has functions like ftp, mail and many more.

Continue reading

(evil) Register Globals (on)

The register_globals directive is enabled (register_globals = On) by default in PHP versions 4.2.0 and greater in the php config (php.ini). While it doesn’t represent a security vulnerability, it’s a security risk.

Why is it a security risk? Let’s look at this example:

Continue reading