FINDING REMOTE FILE INCLUSION VULNERABILITY
In a web application, one way data is passed to a script is by sending a
parameter name and value in the URL. The parameter and the data it contains
are associated with, and accessed through, a variable inside the script. PHP,
like other languages, has include directives that allow us to include and
execute code from another file. In PHP, variables do not have to be initialized
before they are used. PHP assigns uninitialized parameters to variables of the
same name.

We will check for the basic vulnerabilities by manipulating GET arguments and
looking for an error message. It is like the one above. However, as we said, we
will not always get an error message. Sometimes the script might even redirect
to the home page or something similar when it detects an error. Here are a few
examples of GET argument manipulation:

Normal URL → Manipulated or error-creating URL
www.site.com/index.php?id=1 → www.site.com/index.php?id=1awdasgfaeg
www.site.com/index.php?page=index → www.site.com/index.php?page=qqqqqqq
www.site.com/index.php?site=index → www.site.com/index.php?site=qqqqqq

Use our eyes and imagination. The arguments do not need to be "id", "page" or "site"; they can be anything. Getting no error, just a blank page, or a redirect does not settle the question: if the server is set up not to display error messages and there is a vulnerability, then the remote code will still work even though we didn't get any error message indicating that the vulnerability is there.

Some code designers think that if they check whether the GET arguments contain "http://" or "www." and do not include the file if they do, they will be secure. However, in many cases this check can be bypassed by writing HTTP:// or HtTp:// or WWW. or WwW or wWw etc. If it is not, the include() function will fail trying to include remote content. The same applies to the other functions such as require(), require_once() and include_once().
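
The case-sensitive check described above, shown next to an allowlist that does not rely on string filtering. This is an added example, not code from the original post; the function names, the page map and the sample values are constructed for illustration.

```php
<?php
// Constructed example: names and values below are hypothetical.

// Weak: case-sensitive substring blacklist, as described in the text.
// strpos() is case-sensitive, so "HtTp://" does not match "http://".
function blacklist_allows(string $page): bool
{
    return strpos($page, 'http://') === false
        && strpos($page, 'www.') === false;
}

// Hardened: the parameter is only a key into a fixed map of local files.
// User input never becomes part of the path handed to include().
const PAGES = [
    'index'   => 'pages/index.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(string $page): ?string
{
    return PAGES[$page] ?? null;
}

// Constructed sample parameter values, including the case variation
// and the garbage value mentioned in the text.
$samples = [
    'index',
    'http://example.invalid/x.txt',
    'HtTp://example.invalid/x.txt',
    'qqqqqqq',
];

foreach ($samples as $s) {
    printf(
        "%-30s blacklist=%-5s allowlist=%s\n",
        $s,
        blacklist_allows($s) ? 'pass' : 'block',
        resolve_page($s) ?? 'rejected'
    );
}

// In a real handler (not executed here):
//   $file = resolve_page($_GET['page'] ?? 'index');
//   if ($file === null) { http_response_code(404); exit; }
//   include __DIR__ . '/' . $file;
// Defence in depth: keep allow_url_include = Off in php.ini.
```

The blacklist lets the mixed-case value and the garbage value through to include(), while the allowlist rejects everything that is not a known page name.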