Remote File Inclusion

Remote File Inclusion (RFI) allows an attacker to include a remote file in a web application. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and Cross-site Scripting (XSS) to remote code execution and, as a final result, full system compromise. Remote file inclusion attacks usually occur when an application receives a path to a file as input for a web page and does not properly sanitize it. This allows an external URL to be supplied to the include function.