.

Remote File Inclusion Tool Diagram

<<

fly_high

Newbie
Newbie

Posts: 2

Joined: Thu Mar 22, 2012 5:23 am

Post Fri Mar 23, 2012 12:26 am

Remote File Inclusion Tool Diagram

Hi everyone,

After learning some scanning tools that can scan Remote File Inclusion vulnerability (fimap, w3af, uniscan, etc), I decided to draw a diagram to show the mechanism. So here is the picture.

Image



Note: if you cannot see the picture, please find at attachment

Little description:
Attacker box: the person can scan and exploit the RFI vulnerability. Some tool offer exploit mode to get victim shell in their tool; therefore, I decided to put it in.

Variable setting box: allow the user to set parameter.

Victim Server box: normal stuff inside a server


Is it the right way to draw how scanning tool work? Is there some specific part that i need to modify?

Feel free to post your opinion so I can learn from everyone and draw the right diagram.  :)



Thanks
Last edited by fly_high on Mon Mar 26, 2012 7:31 am, edited 1 time in total.
<<

erwinadi

Newbie
Newbie

Posts: 2

Joined: Sun Mar 25, 2012 11:04 pm

Post Mon Mar 26, 2012 2:13 am

Re: Remote File Inclusion Tool Diagram

Hi fly,
I think you have demoed that there was a script that you used as payload, so that the attacker can control the victim. The picture need to be updated with the payload.

The "Return Shell" looks ambiguous... Is the shell actually the effect of what the payload does? In that case the payload goes on to one direction, and the returned shell should be showing the other direction.
<<

fly_high

Newbie
Newbie

Posts: 2

Joined: Thu Mar 22, 2012 5:23 am

Post Mon Mar 26, 2012 7:28 am

Re: Remote File Inclusion Tool Diagram

erwinadi wrote:Hi fly,
I think you have demoed that there was a script that you used as payload, so that the attacker can control the victim. The picture need to be updated with the payload.

The "Return Shell" looks ambiguous... Is the shell actually the effect of what the payload does? In that case the payload goes on to one direction, and the returned shell should be showing the other direction.


Hi Erwin,

Thanks for the input.

Yes, the "Return Shell" pipe is the result of what the payload does so let me revised the diagram a little bit.

Cheers  ;D
<<

erwinadi

Newbie
Newbie

Posts: 2

Joined: Sun Mar 25, 2012 11:04 pm

Post Mon Apr 02, 2012 1:41 am

Re: Remote File Inclusion Tool Diagram

In that case, perhaps a revised picture would help.

Return to Opinions

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software