Remote File Inclusion
This is similar to an LFI; however, with a Remote File Inclusion (RFI), a file from another website is loaded rather than a file from the same website.
Now we are going to add some code to our folio.php file under /components/com_folio, which will make it vulnerable to remote file inclusion. Obviously this code isn't required for our component and is only to demonstrate the vulnerability. You can add this code near the top of the file.
if($controller = JRequest::getVar('controller')) { require_once $controller; }
This time, create demo.txt and put it on another site, for example http://localhost/joomlatest/tmp/demo.txt. We won't give it a PHP extension as we will try to disguise it as a text file. Just because it doesn't have a PHP extension doesn't mean it won't be executed as PHP code.
<?php echo phpinfo(); die;
Note
You may have to enable allow_url_include = On in your php.ini for you to simulate this vulnerability.
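For contrast with the deliberately vulnerable require_once above, the following added example (not code from the original text or from Joomla) resolves the controller value through an allowlist and a path built by the code rather than by the request. It is plain PHP so it runs on its own; the function name resolve_controller, the controllers/ subfolder and the single allowed name folio are assumptions.

```php
<?php
// Added example: plain PHP, no Joomla classes, so it runs on its own.
// The controller names and directory layout below are assumptions.

/**
 * Map a request-supplied controller name to a file inside $baseDir,
 * or return null when the value must not be included.
 */
function resolve_controller($name, $baseDir, array $allowed)
{
    // 1. Only short alphanumeric names; this rejects "http://", "../", "php://" and null bytes.
    if (!is_string($name) || !preg_match('/^[a-z0-9_]{1,32}$/i', $name)) {
        return null;
    }
    // 2. The name must be one the component actually ships.
    if (!in_array(strtolower($name), $allowed, true)) {
        return null;
    }
    // 3. The path is built by the code, never taken from the request.
    $path = realpath($baseDir . '/controllers/' . strtolower($name) . '.php');
    $root = realpath($baseDir);
    if ($path === false || $root === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed layout standing in for /components/com_folio.
$base = sys_get_temp_dir() . '/com_folio_demo_' . getmypid();
@mkdir($base . '/controllers', 0700, true);
file_put_contents($base . '/controllers/folio.php', "<?php // constructed stub controller\n");

$allowed = array('folio');  // hypothetical controller list
$samples = array(           // constructed request values
    'folio',
    'http://localhost/joomlatest/tmp/demo.txt',
    '../../configuration',
    'other',
);
foreach ($samples as $value) {
    $file = resolve_controller($value, $base, $allowed);
    printf("%-45s => %s\n", $value, $file === null ? 'rejected' : 'include ' . basename($file));
    if ($file !== null) {
        require_once $file;
    }
}
// Defence in depth: keep allow_url_include = Off in php.ini outside of this lab.
```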
Now try in your browser the following URL (where...