Acronyms: RFI
Abuse of web application servers that are forced to deliver malicious software.
Remote File Inclusion (RFI)
is an attack that targets the computer servers that run Web sites and their
applications. RFI exploits are most often attributed to the PHP programming
language used by many large firms including Facebook and SugarCRM. However, RFI
can manifest itself in other environments and was in fact introduced initially
as "SHTML injection". RFI works by exploiting applications that
dynamically reference external scripts indicated by user input without proper
sanitization. As a consequence, the application can be instructed to include a
script hosted on a remote server and thus execute code controlled by an
attacker. The executed scripts can be used for temporary data theft or
manipulation, or for a long-term takeover of the vulnerable server.
http://www.imperva.com/resources/glossary/glossary.html
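
The dynamic include described in the definition, next to an allowlist-based form that keeps user input out of the include path. This is an added example, not part of the quoted glossary; the "page" parameter, the PAGES map and the resolve_page() helper are hypothetical names.

```php
<?php
// Added example: parameter name, page names and paths are assumptions.

// Pattern the definition describes (shown as a comment, never executed):
//   include $_GET['page'] . '.php';
// User input becomes the include target, so if URL includes are enabled
// the server fetches and runs whatever script the value points to.

// Hardened form: user input only selects a key in a fixed allowlist.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(string $requested, string $baseDir): ?string
{
    // Anything that is not an exact allowlist key is rejected, so URLs,
    // stream wrappers and traversal sequences never reach include.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$requested];
}

// Constructed sample inputs: one legitimate value and three that must fail.
$samples = [
    'home',
    'http://remote.example/script.txt',
    '../../etc/passwd',
    'php://input',
];

foreach ($samples as $input) {
    $path = resolve_page($input, __DIR__ . '/pages');
    printf("%-36s => %s\n", $input, $path ?? 'rejected');
}

// In the request handler the resolved path is the only thing included:
//   $path = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Keeping allow_url_include set to Off in php.ini (its default) is the complementary server-side setting, since it stops include from fetching remote URLs even if a dynamic include slips through review.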