Abusing LFI-RFI for Fun, Profit and Shells

DerbyCon 3.0 - All In The Family

Presented by: Francis Alexander
Date: Friday September 27, 2013
Time: 16:00 - 16:25
Location: Stable
Track: Stable Talks

“This talk is about exploiting the much less discussed Local File Inclusion and Remote File Inclusion these days due to its extinction. The talk moves one step further and focuses on various new methods and strategies which are explained and demonstrated. The talk looks upon various real world scenarios and introduces new attack vectors and also dives deep into various methods and its demos. The talk also touches on various PHP streams which could be used to bypass the traditional streams. It also further looks upon suhosin patch, its bypass and other evasion techniques. The paper will also talk on the I2RCE.py tool which automates the inclusion process to remote session.”

Francis Alexander

Francis Alexander is an Information Security Researcher. He has a strong vision and mission of Free & Open Information Security Education for all. His area of interest includes web app & standalone app security, DBMS security, coding tools and fuzzing. He had been selected to speak at Defcon Kerala.

