About RFI vulnerability


RFI vulnerability

Vulnerable computer systems and applications:

PHP, JSP, ASP.

Description:

RFI (Remote File Inclusion) is a type of attack that abuses the file inclusion mechanisms of web applications for malicious purposes. When an application processes an included file, any program code in that file may be executed. If the file to include is chosen based on elements of the HTTP request, the application is vulnerable. Using the vulnerability, attackers can:

  • Insert and execute malicious code on a vulnerable network server;
  • Execute a DDoS attack;
  • Intercept confidential information.

 

Recommendations:

  • The most effective solution to the problem is to restrict what user input is allowed to do. This can be done in the application using input filtering.
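
One way to apply input filtering to a file include in PHP, shown next to the vulnerable pattern. This is an added example, not code from the original page; the `pages` directory, the page names and the `resolve_page` helper are assumptions, and it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (for contrast only): the include target is taken
// straight from the HTTP request, so the request decides which file runs.
//   include $_GET['page'];

// Hypothetical allow-list: request value => fixed local file in PAGE_DIR.
const PAGE_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map a request-supplied page name to a fixed local file.
 * Returns null for anything that is not an exact allow-list key.
 */
function resolve_page(mixed $requested): ?string
{
    // Arrays (?page[]=x) and other non-string values are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key match only: the user value is never concatenated into a path.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // Defence in depth: the resolved file must exist inside PAGE_DIR.
    $real = realpath(PAGE_DIR . '/' . ALLOWED_PAGES[$requested]);
    $base = realpath(PAGE_DIR);
    if ($real === false || $base === false
        || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $real;
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

In PHP, keeping `allow_url_include` set to `Off` in php.ini (its default) additionally stops `include` from fetching a remote URL.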