RFI ( RFI -> RCE )
Similar to LFI, RFI fetches the documents from the specified url location, so what an attacker can do is,
- 1.Create a malicious php file
- 2.Host it in his local machine
- 3.Request the file with the URL
- 4.The php code will be executed and the output will be obtained
Last modified 11mo ago