Web Hacking [HellofHackers] - Taku's RFI handbook

taku

Introduction
I've already made 2 handbooks and people seem to like them, so I'm just going to continue.
The thread name speaks for itself - this handbook is going to be about the vulnerability RFI.
There really aren't many tutorials here on web security, so I'm your helping hand.
What is RFI?
Remote File Inclusion, also known as RFI, is a vulnerability that's pretty rare, but critical once found.
This vulnerability allows an attacker to include remote files through the "include" function in PHP, and it happens when user input is not sanitized and not properly validated.

For instance, imagine this PHP code example:
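Code:
<?php
  // Deliberately vulnerable: the "file" query parameter goes straight into include().
  if ( isset( $_GET['file'] ) ) {
    // No validation or allowlist; only ".php" is appended to the user-controlled value.
    include( $_GET['file'] . '.php' );
  }
?>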
Let's say I host this file on my site, and I click some link. The URL now looks like this:
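A hardened counterpart to the include snippet in the post, added here as an example (it is not the original poster's code): the "file" parameter is used only as a key into a fixed allowlist, so no request value ever reaches include. The page names and the pages/ directory are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Page names and the pages/
// directory are assumptions made for illustration.

// Fixed allowlist: request value => file shipped with the application.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied page name to a local file path, or null.
 * The input is only ever used as an array key, never as part of a path,
 * so URLs, stream wrappers and ../ sequences cannot match anything.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Rejects arrays (?file[]=x) and any name that is not on the list.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // Defence in depth: the resolved file must exist inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['file'] ?? 'home', __DIR__ . '/pages');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Separately from the code, keeping `allow_url_include` at its default of `Off` in php.ini stops include from fetching remote URLs at all.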