{"version":"1.0","provider_name":"MozDomains Blog","provider_url":"https:\/\/www.mozdomains.co.mz\/blog\/en","author_name":"Momed Jussub","author_url":"https:\/\/www.mozdomains.co.mz\/blog\/en\/author\/momed-jussub\/","title":"Remote File Inclusion (RFI) - MozDomains Blog","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"pejUeKVhDl\"><a href=\"https:\/\/www.mozdomains.co.mz\/blog\/en\/website-security\/remote-file-inclusion-rfi\/\">Remote File Inclusion (RFI)<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.mozdomains.co.mz\/blog\/en\/website-security\/remote-file-inclusion-rfi\/embed\/#?secret=pejUeKVhDl\" width=\"600\" height=\"338\" title=\"&#8220;Remote File Inclusion (RFI)&#8221; &#8212; MozDomains Blog\" data-secret=\"pejUeKVhDl\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe>","thumbnail_url":"https:\/\/www.mozdomains.co.mz\/blog\/en\/wp-content\/uploads\/2019\/03\/Labs-imagem-RFI.png","thumbnail_width":829,"thumbnail_height":549,"description":"Remote file inclusion (RFI)\u00a0is an attack that targets vulnerabilities present in web applications that dynamically reference external scripts. The offender aims at exploiting the referencing function in an application in order to upload malware from a remote URL located in a different domain. Successful RFI attacks lead to compromised servers, information theft, and a site takeover that permits modification of content. Remote File Inclusion Vulnerability Examples Following are examples of RFI vulnerability: A JSP page containing this line of code:\u00a0\u201d&gt; can be manipulated with the following request: Page1.jsp?ParamName=\/WEB-INF\/DB\/password.\u00a0Processing the request discloses the content of the password file to the perpetrator.\u2026"}