Remote file inclusion (RFI) is an attack targeting vulnerabilities in web applications that dynamically reference external scripts. The perpetrator’s goal is to exploit the referencing function in an application to upload malware (backdoor shells) from a remote URL located within a different domain.

The successful RFI attack includes information theft, compromised servers and a site takeover that allows for content modification.