Remote File Inclusion
Remote File Inclusion ( RFI ) allows the attacker to upload his file on a website server using a script. Remote File Inclusion is a common vulnerability found in many websites. Using RFI you can literally deface the websites, get access to the server. Here i am going to describe this.
Searching the Vulnerability:
Remote File inclusion vulnerability is usually occured in those sites which have a navigation similar to this:
If you want to find more website like this try is with google dork.
After going to the target website test it for RFI vulnerability. Use this:
after pressing enter if the google’s homepage is there on the website, then this website is vulnerable to RFI attack.
Now you can execute your own scripts on the webserver of this website.
**Question Mark is must