Testing for Remote File Inclusion

Brief Summary
File Inclusion vulnerability allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:


 * Code execution on the web server
 * Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS)
 * Denial of Service (DoS)
 * Sensitive Information Disclosure

Description of the Issue
Remote File Inclusion (also known as RFI) is ...

Black Box testing and example
To be continued.

Gray Box testing and example
Gray box

Mitigation
How to protect yourself from RFI