What is Remote File Inclusion (RFI)?
RFI stands for Remote File Inclusion. In this attack, attackers or penetration testers try to include remote files that are hosted on different web servers. These files are basically web shells. A web shell is a small piece of code, written in whichever programming language the web application uses, through which one can access the remote server. Once a remote web shell has been included in a web application that is vulnerable to remote file inclusion, the remote server can be accessed through it.
It is similar to Local File Inclusion, but it allows an attacker to read any file from any server, execute PHP files from other servers on the current server, and store PHP files on other servers as .txt.
Where to look:
- RFI occurs when paths passed to “include” statements are not properly sanitized.
- In a black-box approach, look for scripts which take filenames as parameters.
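A review aid for the source-code side of the checklist above, added here as an example and not part of the original article: a small Python check that flags PHP include/require statements whose path is built from request input. The PHP sample is constructed, and the line-by-line taint tracking is a simplifying assumption: it misses multi-line statements and flags request-derived paths even when they are validated elsewhere, so each hit still needs a manual look.

```python
import re

# Request-controlled PHP superglobals that can carry an attacker-chosen path.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# include / require / include_once / require_once and the path expression.
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b\s*\(?([^;]*);", re.I)
# Simple assignment "$var = expr;" (the lookahead skips == comparisons).
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)([^;]*);")
VAR = re.compile(r"\$\w+")


def _is_tainted(expr, tainted):
    """True if expr reads request input or a variable derived from it."""
    return bool(SOURCE.search(expr)) or any(v in tainted for v in VAR.findall(expr))


def find_tainted_includes(php_source):
    """Return [(line_number, statement)] for include/require statements
    whose path is built from request input, directly or through variables."""
    tainted, findings = set(), []
    for number, line in enumerate(php_source.splitlines(), start=1):
        inc = INCLUDE.search(line)
        if inc and _is_tainted(inc.group(1), tainted):
            findings.append((number, line.strip()))
        assign = ASSIGN.search(line)
        if assign:
            name, expr = assign.groups()
            if _is_tainted(expr, tainted):
                tainted.add(name)       # value now depends on request input
            else:
                tainted.discard(name)   # overwritten with a fixed value
    return findings


# Constructed sample PHP source, for illustration only.
SAMPLE = """<?php
require_once 'lib/config.php';
$page = $_GET['page'];
include($page . '.php');
$tpl = 'home.php';
include $tpl;
$lang = $_COOKIE['lang'];
$file = 'lang/' . $lang;
require $file;
include_once($_REQUEST['module']);
"""

if __name__ == "__main__":
    for number, statement in find_tainted_includes(SAMPLE):
        print(f"line {number}: {statement}")
```

Statements with a fixed path, such as the first require_once in the sample, are not reported; only paths that depend on request data are.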
How Does Remote File Inclusion Work?
RFI attacks enable hackers to steal data and execute malicious code by manipulating a web server or site. To execute remote file inclusion, an attacker must first identify a website with vulnerable components via a search engine or scanner. Once the website is identified, the attacker uploads a malicious file that gives them access to the website’s resources. There are three different ways that an attacker can then exploit the site:
- Use malware to delete or deface pages.
- Hijack the server, which can compromise several sites.
- Steal passwords and information.