Remote File Inclusion (RFI) is a type of vulnerability most often found on PHP running websites. It allows an attacker to include a remotely hosted file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity can lead to arbitrary code execution.

Local File Inclusion (LFI) is very much like RFI; the only difference is that in LFI the attacker has to upload the malicious script to the target server to be executed locally.

DDoSPedia Index