Lab 3: RFI via File Upload

RFI attacks through file upload functionality

Difficulty: Medium

Lab Overview

This lab demonstrates RFI vulnerabilities that can be exploited through file upload functionality. Attackers can upload files containing malicious code or reference remote files that get processed and executed on the server.

Objective: Use file upload functionality to achieve remote file inclusion and code execution.

Vulnerable Code
// Vulnerable: Direct inclusion without validation
function include_uploaded_file($filename) {
    if (empty($filename)) {
        return "No file specified.";
    }
    
    // Check if it's a remote URL
    if (filter_var($filename, FILTER_VALIDATE_URL)) {
        // Vulnerable: Direct inclusion of remote files
        $content = @file_get_contents($filename);
        if ($content !== false) {
            return $content;
        }
    }
    
    // Local file inclusion
    $local_path = "uploads/" . basename($filename);
    if (file_exists($local_path)) {
        return file_get_contents($local_path);
    }

    // Nothing matched: return a message instead of an implicit null
    return "File not found.";
}
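
A hardened counterpart to include_uploaded_file(), added here as an example and not part of the lab's own code. The function name read_uploaded_file, the UPLOAD_DIR location and the ALLOWED_EXT list are assumptions; the sample inputs are the names from the lab's example list.

```php
<?php
// Added example (not the lab's code). UPLOAD_DIR and ALLOWED_EXT are assumed values.
const UPLOAD_DIR  = __DIR__ . '/uploads';
const ALLOWED_EXT = ['txt', 'html'];

function read_uploaded_file(string $filename): string
{
    if ($filename === '') {
        return 'No file specified.';
    }

    // Reject anything carrying a scheme or stream wrapper (http://, ftp://, php://, data:, ...).
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $filename)) {
        return 'Remote and wrapper paths are not accepted.';
    }

    // Keep only the final path component, then enforce an extension allowlist.
    $name = basename($filename);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return 'File type not allowed.';
    }

    // Resolve symlinks and confirm the target is a regular file inside UPLOAD_DIR.
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return 'File not found.';
    }

    // Treat the content as data: read it and encode it for output.
    // User-supplied paths are never passed to include/require.
    $content = file_get_contents($path);
    if ($content === false) {
        return 'File not found.';
    }
    return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inputs taken from the lab's example list; results depend on what exists in UPLOAD_DIR.
$samples = ['malicious.php', 'http://attacker.com/shell.php', 'config.txt', 'template.html'];
foreach ($samples as $input) {
    printf("%-32s => %s\n", $input, read_uploaded_file($input));
}
```

As defence in depth, keep `allow_url_include` set to Off in php.ini and serve the uploads directory from a location where the web server does not execute PHP.
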
Vulnerability Details
  • Type: RFI via File Upload
  • Severity: High
  • Method: POST
  • Issue: Direct inclusion of uploaded and remote files
File Upload RFI Examples
  • malicious.php - Upload PHP shell
  • http://attacker.com/shell.php - Remote file
  • config.txt - Upload config file
  • template.html - Upload template
File Upload RFI Payloads

Upload these files to test RFI vulnerabilities:

1. Basic PHP Shell (malicious.php):
Hacked!