Web applications attacks/Remote file inclusion
Description
Like Local File Inclusion (LFI) attacks, Remote File Inclusion (RFI) attacks consist of getting the application to include a file, but in this case the file is not hosted on the same server.
Example
- WebGoat, Same origin policy protection shows how to exploit an RFI to take control of an Ajax request.
- HackThisSite.org, Realistic, Level 9 shows how to use a Remote File Inclusion (RFI) attack to steal someone's cookies and use the stolen information to escalate privileges.
- HackThisSite.org, Realistic, Level 11 shows how to use a Remote File Inclusion (RFI) attack to steal someone's cookies and use the stolen information to escalate privileges.
Protection
- Check the origin of data (see WebGoat example)
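One way to implement the origin check, as an added example (not code from WebGoat or from this page): a user-supplied include reference is resolved the way a URL parser would resolve it and accepted only if it still points at the application's own origin. `APP_ORIGIN`, `ALLOWED_PREFIX` and `resolveInclude` are assumed names, and the path-prefix check goes slightly beyond the origin check by also confining the result to one directory.

```javascript
// Added example: origin check for a user-supplied include target.
// APP_ORIGIN and ALLOWED_PREFIX are assumed values, not from the page.
const APP_ORIGIN = "https://app.example";   // the application's own origin
const ALLOWED_PREFIX = "/templates/";       // only files under here may be included

// Returns the normalised local path if `ref` may be included, otherwise null.
function resolveInclude(ref) {
  if (typeof ref !== "string" || ref.length === 0) return null;

  // Control characters and backslashes are rewritten by URL parsers;
  // reject them instead of guessing what the caller meant.
  if (/[\u0000-\u001f\\]/.test(ref)) return null;

  let url;
  try {
    // Resolve relative references against the allowed directory, so that
    // "header.html", "//host/x" and "http://host/x" are all compared
    // in their final absolute form.
    url = new URL(ref, APP_ORIGIN + ALLOWED_PREFIX);
  } catch {
    return null; // not parseable as a URL at all
  }

  // Compare the parsed origin (scheme + host + port), never a substring of
  // the raw input: "https://app.example.evil.test" and
  // "https://app.example@evil.test" both contain the trusted name.
  if (url.origin !== APP_ORIGIN) return null;

  // Embedded credentials have no place in an include target.
  if (url.username || url.password) return null;

  // After dot-segment normalisation the path must still be in the directory.
  if (!url.pathname.startsWith(ALLOWED_PREFIX)) return null;

  return url.pathname;
}

// Constructed sample inputs.
for (const ref of ["header.html", "http://evil.test/shell.txt",
                   "//evil.test/x", "https://app.example@evil.test/x"]) {
  console.log(JSON.stringify(ref), "->", resolveInclude(ref));
}
```

The caller maps the returned path to a file on local storage; the original reference string is never fetched or included.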