1. LFI, local file inclusion vulnerability, as the name suggests, refers to a vulnerability that can open and include local files. Most of the file inclusion vulnerabilities encountered are LFI.
2. RFI, remote file inclusion vulnerability. Refers to the ability to include files on a remote server and execute them. Since the files on the remote server are controllable by us, the vulnerability will be very harmful once it exists. However, the utilization conditions of RFI are more stringent and need to be configured in php.ini.
allow_url_fopen = On
Example
<?php $file = $_GET['file']; include $file; ?>
allow_url_fopen defaults to Onallow_url_include and defaults to Off
If there are special requirements, they will be pointed out in the conditions of use.
The above is an introduction to PHP file inclusion vulnerabilities. I hope it will be helpful to everyone.