RFI ( RFI -> RCE )

Similar to LFI, RFI fetches the documents from the specified url location, so what an attacker can do is,

  1. Create a malicious php file

  2. Host it in his local machine

  3. Request the file with the URL

  4. The php code will be executed and the output will be obtained

Last updated