LFI/RFI
LFI (Local File Inclusion): an exploit that allows you to perform directory traversal attacks, i.e. read information from the machine outside of the web host directory, such as /etc/passwd.
This can not only be used to read sensitive information but can also be used to spawn a shell via RFI.
Remote File Inclusion (RFI): This exploit allows you to load a file from a remote server and have the target execute it. In PHP this is disabled by default (the allow_url_include setting).
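
An added example (not from the original page) showing the include pattern both issues depend on, next to a hardened version that canonicalises the requested path and confines it to one directory. `PAGES_DIR`, `resolve_page()` and the `page` parameter are hypothetical names.

```php
<?php
// Added example, not from the original page. PAGES_DIR, resolve_page() and the
// "page" request parameter are hypothetical names chosen for illustration.
const PAGES_DIR = __DIR__ . '/pages';

// Vulnerable pattern, for contrast: the request value reaches include directly,
// so "../" sequences (LFI) or, with allow_url_include=On, a URL (RFI) are honoured.
//   include PAGES_DIR . '/' . $_GET['page'];

// Map a user-supplied page name to a file inside PAGES_DIR.
// Returns the absolute path, or null if the request must be refused.
function resolve_page(string $name): ?string
{
    // Refuse stream wrappers and URLs (http://, php://, data:) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $name) || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    // realpath() collapses "../" and symlinks; it returns false for missing files.
    $path = realpath(PAGES_DIR . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // The canonical path must still sit under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// A non-string value (e.g. ?page[]=x) falls back to the default page.
$name = is_string($_GET['page'] ?? null) ? $_GET['page'] : 'home';
$page = resolve_page($name);
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
include $page;
```

The path check is what stops a request such as `page=../../../../etc/passwd`; keeping `allow_url_include` at its default of off remains the control for the remote case.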