Skip to content

RFI exploit development

Jump to bottom Edit New page
cktricky edited this page Aug 5, 2011 · 4 revisions

Methods exposed by RFI assist module

At any time, users can type show rfi at the console and list the Remote File Inclusion by name.

fetch_rfi_by_name - takes input as the name of the RFI (ie - joomla_1 or zencart_1) and returns the data associated with the RFI (all data).

fetch_rfi_string_by_name - takes input as the name of the RFI, however, returns the RFI string

fetch_rfi_list - takes no input, simply returns a list of the RFIs in the database

requires_auth? - takes input as the name of the RFI, returns true/false whether or not the RFI requires the attacker to be authenticated

Add a custom footer
Add a custom sidebar
Clone this wiki locally