Remote File Inclusion
Remote File Inclusion (RFI)
Introduction
Remote file inclusion (RFI) is an attack targeting vulnerabilities in web applications that dynamically reference external scripts.
Where to find
Any endpoint that includes a file from a web server. For example,
/index.php?page=index.html
How to exploit
Basic payload
URL encoding
Double encoding
Using Null Byte (%00)
References
Last updated