From RFI to Shell

Remote File Inclusion (RFI) is a web application vulnerability attackers exploit to run malicious code. Depending on the web server configuration, an attacker may tell the web app to include code from a file hosted on a remote server. In this post, I’ll describe how to exploit RFI to get a reverse shell on the target using two methods. The first will only use tools already on the victim, while the second will use the more feature-rich metasploit method.

Continue reading From RFI to Shell