Remote File Inclusion Tool Diagram

Viewing 3 reply threads
  • Author
    Posts
    • #7448
      fly_high
      Participant

      Hi everyone,

      After learning some scanning tools that can scan Remote File Inclusion vulnerability (fimap, w3af, uniscan, etc), I decided to draw a diagram to show the mechanism. So here is the picture.

      Note: if you cannot see the picture, please find at attachment

      Little description:
      Attacker box: the person can scan and exploit the RFI vulnerability. Some tool offer exploit mode to get victim shell in their tool; therefore, I decided to put it in.

      Variable setting box: allow the user to set parameter.

      Victim Server box: normal stuff inside a server

      Is it the right way to draw how scanning tool work? Is there some specific part that i need to modify?

      Feel free to post your opinion so I can learn from everyone and draw the right diagram.  🙂

      Thanks

    • #46514
      erwinadi
      Participant

      Hi fly,
      I think you have demoed that there was a script that you used as payload, so that the attacker can control the victim. The picture need to be updated with the payload.

      The “Return Shell” looks ambiguous… Is the shell actually the effect of what the payload does? In that case the payload goes on to one direction, and the returned shell should be showing the other direction.

    • #46515
      fly_high
      Participant

      @erwinadi wrote:

      Hi fly,
      I think you have demoed that there was a script that you used as payload, so that the attacker can control the victim. The picture need to be updated with the payload.

      The “Return Shell” looks ambiguous… Is the shell actually the effect of what the payload does? In that case the payload goes on to one direction, and the returned shell should be showing the other direction.

      Hi Erwin,

      Thanks for the input.

      Yes, the “Return Shell” pipe is the result of what the payload does so let me revised the diagram a little bit.

      Cheers  ;D

    • #46516
      erwinadi
      Participant

      In that case, perhaps a revised picture would help.

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?