Remote file inclusion is one of the latest and popular attack technique used by an attacker to attack a website from a remote computer. If your server are vulnerable to web applications that allow an attacker to execute remote file inclusion, it's very easy for attacker take over your server remotely .
PHP application is one of the applications that always vulnerable which allow an attacker to execute remote file inclusion to website. The reason of this PHP issue are:
- Insufficient validation of user input prior to dynamic file system calls, such as require or include or fopen()
- allow_url_fopen and PHP wrappers allow this behavior by default, which is unnecessary for most applications
- Poor permissions and planning by many hosters allowing excessive default privileges and wide ranging access to what should be off limits areas.