RFI - LFI
Remote File Inclusion (RFI) is a
type of vulnerability
most often found on PHP running websites. It allows an attacker to include a
remotely hosted file, usually through a script on the web server. The
vulnerability occurs due to the use of user-supplied input without proper
validation. This can lead to something as minimal as outputting the contents of
the file, but depending on the severity can lead to arbitrary code
execution.
Local File Inclusion (LFI) is very much like
RFI; the only difference is that in LFI the attacker has to upload the
malicious script to the target server to be executed locally.
DDoSPedia Index