What Is Remote File Inclusion?
Remote File Inclusion (RFI) is a type of code injection attack. To carry out remote file inclusion, a hacker inserts a link into a website’s URL that instructs the website to include a malicious file. The word “remote” stems from the fact that the website is sourcing the file from somewhere else.
Local File Inclusion (LFI) is a similar type of cyberattack, with the key difference being that the hacker accesses files that already exist on the website's server. Although together they account for 21% of all known web application attacks, both RFI and LFI are seen as more elementary than high-profile cyberattacks, and are therefore often overlooked and underestimated.
How Does Remote File Inclusion Work?
RFI attacks enable hackers to steal data and execute malicious code through the manipulation of a web server or site. In order for a bad actor to execute remote file inclusion, they must first identify a website with vulnerable components via a search engine or scanner. Once the website is identified, the attacker uploads a malicious file that gives them access to the website's resources. There are three ways an attacker can then exploit the site:
It is important to note that the vulnerability that enables remote file inclusion is typically found on websites running PHP, a scripting language used in web development. More than 70% of websites run on PHP, including Facebook, WordPress, OpenCart, Yahoo!, and Wikipedia—ranging from social platforms to ecommerce sites and more.
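The PHP pattern behind this vulnerability, shown next to a hardened form, as an added example that is not from the original page. The page keys, the demo directory and the resolve_page() helper are hypothetical, the sample inputs are constructed, and PHP 8 is assumed.

```php
<?php
// Added example, not from the original page. Page keys, the demo directory
// and resolve_page() are hypothetical. Assumes PHP 8.

// Vulnerable pattern: the request parameter goes to include unchanged. If
// allow_url_include is On in php.ini (it is Off by default), a URL supplied
// here is fetched and executed as PHP.
//
//     include $_GET['page'];

// Hardened pattern: the parameter only selects a key from a fixed allowlist,
// so user input never becomes part of the path handed to include.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(mixed $requested, string $baseDir): ?string
{
    // Reject arrays (?page[]=x) and anything that is not an exact allowlist key.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the file must exist and sit inside the base directory.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Demo setup: a throwaway directory holding one allowlisted page.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rfi_demo_pages';
if (!is_dir($baseDir)) {
    mkdir($baseDir);
}
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'about.php', "<?php echo 'About';\n");

// Constructed inputs: a valid key, a URL-shaped value, and a path-shaped value.
foreach (['about', 'https://example.invalid/page.txt', '../../etc/passwd'] as $input) {
    $file = resolve_page($input, $baseDir);
    echo str_pad($input, 36), $file === null ? "rejected\n" : "include $file\n";
}
```

In a real handler, a null result should map to a 404 response rather than a fallback include.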
Remote File Inclusion Example
While RFI is often seen as less sophisticated by the security community, it can have serious repercussions. A particularly well-known remote file inclusion example was carried out in May of 2011 by a group of hackers who called themselves LulzSec. The group noticed a weakness in Fox.com and infiltrated the site using RFI bots, leaking the profiles and names of 73,000 X Factor US contestants. Soon after, the hackers expanded their attack to other targets. They planted a fake news story at PBS and stole data from 24.6 million of Sony’s PlayStation Network customers.
Remote File Inclusion Prevention
Fortunately, there are measures that web developers can take to implement remote file inclusion prevention. Beyond meticulously writing code to minimize vulnerabilities, the following are some additional steps to take towards remote file inclusion prevention.
Now that you have a better understanding of what remote file inclusion is and how it works, you can take the appropriate steps towards remote file inclusion prevention. For more information on how SiteLock can help with safe web application development, check out our malware removal product or get in touch with us today.