What is an RFI Attack?
Image Credits: Pixabay
A remote file incursion (RFI) is a type of computer attack wherein the hacker seeks to exploit the ‘dynamic file include’ mechanism of certain web applications. The hacker will target the application’s referencing function so that malware can be uploaded from a completely different domain and URL. RFI attacks are normally done to steal sensitive information, takeover websites or attack the servers of a network. As every web application worth its salt comes with file inclusion, it can be particularly hard to guard against RFI attacks. Websites built with PHP programming language are particularly vulnerable to an RFI attack.