Mar 07, 2022

Remote File Inclusion [RFI]

Remote File Inclusion or RFI is a vulnerability occurs in web applications.

We use a Linux distribution called "Web for pen testers". You can download it from hear. Now boot the virtual mashing. You'll see a screen like this.

Yes it is a Debian based OS with lot of examples that demonstrate common vulnerabilities like Command injection, SQL injection , Cross Site Scripting etc. Apache server and MySQL are per-installed on this mashing.

Now use you web browser to browse the IP that we discovered in last step. You can see following web interface. Wow there are many vulnerabilities to explorer.There are more to practice with this VM.

In this tutorial we are going to focus on Remote file inclusion. So let's select example1 of File include category.

In the URL you can see a parameter like following.


Now think what it does? when example1.php is loaded intro.php will be automatically included and what ever in that file will be executed. Now. let's see what actually happens inside the hood.

hear you can see the source code of example1.php

<?php require_once '../header.php'; ?>


        if ($_GET["page"]) {



<?php require_once '../footer.php'; ?>

There are something to notice. Did you see 2  statements called include. and require_once . Both of them are used to insert another php script into current file.

require method give an error when given file is not exist. So current script stops executing.

include method give a warning  and the rest of the script will be continued.

Now in above example1.php they have used include($_GET["page"])); .

In several places I  have explained about  $_GET[]. Do you remember what it does?It will fetch the URL parameter called page and put it on the include function.

Now what if we  can include  a PHP web shell  using this method?  What we have to do is upload the shell to a server and input shell's url as the page parameter. I hope you got a clear idea on RFI. Let's see how we can do this practically.

In above SS I logged into VM and looked for files. Actually this step is not needed. Let's create a dummy php file for testing purpose.

Now I host that file on another VM and give the dummy file's URL as the input. Let's see what happen.

Wow it is working .

Now let's build actual php shell. In a previous tutorial I explained you how to build a quick web shell.

<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>' ; ?>

Hear you can see the final result.


I hope you enjoyed the tutorial. Leave a comment if you need any tutorials on these topics. I'll try my maximum to write a post. :-)

Mar 09
How to build a basic tcp server in c

Socket programming is one of the most important features in C. In this document, we are going to....

Aug 20
SQL injection example

Hello guys, In a previous tutorial I explained basic theories about SQL injection. In there we....

Jul 02
Reverse engineering tutorial for beginners

So you want to learn Reverse engineering. That's great. RE is used in various topics such as....

Replying to 's comment Cancel reply
Thilan Danushka Dissanayaka

Thilan Dissanayaka

Hi, I'm Thilan from Srilanka. An undergraduate Engineering student of University of Ruhuna. I love to explorer things about CS, Hacking, Reverse engineering etc.