Empty input
Last updated 2017-08-10

Remote File Inclusion (RFI)

Learn about Remote file Inclusion (RFI) vulnerability

Remote File inclusion (RFI) refers to an inclusion attack wherein an attacker can cause the web application to include a remote file by exploiting a web application that dynamically includes external files or scripts.

The consequences of a successful RFI attack include Information Disclosure and Cross-site Scripting (XSS) to Remote Code Execution.

Remote File Inclusion (RFI) usually occurs, when an application receives the path to the file that has to be included as an input without properly sanitizing it. This would allow an external URL to be supplied to the include statement.

Learn more on https://www.acunetix.com/blog/articles/remote-file-inclusion-rfi/