DDoSPedia is a glossary that focuses on network and
application security terms with many distributed
definitions. It provides a central place for hard to find web-scattered
definitions on this topic.
Remote File Inclusion (RFI) is a
type of vulnerability
most often found on PHP running websites. It allows an attacker to include a
remotely hosted file, usually through a script on the web server. The
vulnerability occurs due to the use of user-supplied input without proper
validation. This can lead to something as minimal as outputting the contents of
the file, but depending on the severity can lead to arbitrary code
Local File Inclusion (LFI) is very much like
RFI; the only difference is that in LFI the attacker has to upload the
malicious script to the target server to be executed locally.