
Eric Romang Blog

aka wow on ZATAZ.com

Tagged with RFI

WordPress TimThumb RFI Vulnerability used as Botnet Recruitment Vector

On 1st August 2011, Mark Maunder revealed, through a defacement experience, that the "timthumb.php" script, included in hundreds of WordPress themes, was vulnerable to a remote file inclusion (RFI) attack. TimThumb is a small PHP script for cropping, zooming and resizing web images (jpg, png, …
20/09/2011

Remote File Inclusion and privilege escalation through Metasploit

Demonstration of an RFI (Remote File Inclusion) attack followed by a privilege escalation through Metasploit. The privilege escalation will be done through the CVE-2010-3904 Linux RDS Protocol vulnerability. Vulnerable web page creation. Vulnerable web page exploitation through Metasploit use …
07/02/2011

Remote File Inclusion in Google Cloud – nurhayati satu

Everyone knows the cloud security problem, and the associated issues are more and more visible. In July 2008 Outblaze and Spamhaus blocked Amazon EC2 public IP ranges due to distribution of spam and malware. In April 2009 Arbor Networks reported that a malicious Google AppEngine was used as …
06/07/2010

When an old Tier RFI mutates into an RFI botnet

Every one of you knows the Remote File Inclusion vulnerability, which permits including a remote file, usually through a PHP script, in the web application. This remote file contains code that will be executed in the context of the server and permits, for example, gathering information, executing code and …
26/05/2010

Playing with Remote File Inclusion in Metasploit

Exploiting Remote File Inclusion (RFI) through Metasploit is child's play. On 29 January 2010, RSnake released a database of more than 2000 Remote File Inclusion vulnerable URLs. This RFI vulnerable database was compiled mainly from Milw0rm and OSVDB, and integrated on 15 February 2010 by HD …
15/05/2010
