Hey! Remember the good old days when the web spouted RFI’s everywhere? We miss those days. So me and Fredrik figured out a new way to reincarnate the old dusty RFI’s! This is an unexpected feature in PHP that allows you to communicate with external servers even though allow_url_include = Off.
More+Here comes another example on how nokitel can be used for penetration testing. Ever heard about a CAM-Table-Overflow? Though so. It’s not a very common exploitation method. This is a short description quoted from hakipedia,com: “A switch’s CAM table contains network information such as MAC addresses available on physical switch ports and associated VLAN parameters. [...]“
More+Yes, this might come as a spoiler, but me, Mathias and Kasper are currently researching in the Cellular area. Enough of that at the moment. Anyway, whilst we read through RFC’s and wikipages, we stumbled upon this specific page containing…
More+Seriously. RFI’s are outdated, really outdated. But I can’t possible release an article of exploiting LFI’s without releasing one about RFI’s. It’s like saying A without saying B, and that is just plain annoying. Okay, now on to it.
More+