On my friends website when I typed www.abc.com/?page=non existing page, I got page not found error.But when I gave www.abc.com/?page=www.google.com I got blank white page.So is this website vulnerable to RFI? Why did it show blank page instead of error page?
Asked
Active
Viewed 521 times
1
Harikrishnan
- 452
- 1
- 5
- 18
-
This cannot be answered unless we know the source code of the application which handles this URL. – Lucas Kauffman Sep 13 '13 at 05:49
-
Hey! What do you have against abc.com? I like my news! – NULLZ Sep 13 '13 at 06:33
-
check the error-logs, if you have some. – that guy from over there Sep 13 '13 at 06:44
1 Answers
3
Generally if you're looking to test for RFI the way to approach it is to place a URL that you have control over as the parameter. That way then the URL is accessed you can look in the web server logs to see if you had a request from the server your assessing for that page.
As to whether this website is vulnerable, to be honest it's not possible to tell definitively from the information at hand.
Rory McCune
- 60,923
- 14
- 136
- 217