id: generic-rfi

info:
  name: Generic Remote File Inclusion
  author: m4lwhere
  severity: high
  reference:
    - https://www.invicti.com/learn/remote-file-inclusion-rfi/
  tags: rfi,dast,oast

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      rfi:
        - "https://rfi.nessus.org/rfi.txt"

    fuzzing:
      - part: query
        mode: single
        fuzz:
          - "{{rfi}}"

    stop-at-first-match: true
    matchers:
      - type: word
        part: body  # Confirms the PHP was executed
        words:
          - "NessusCodeExecTest"
# digest: 490a0046304402201f706bb5944d3a4a5ee6f4a6920de5a04d097d9a8abaa3a4b3fc992dc96b97c6022059107f23f16f0e83e38f27702bf6184e2a17c11940d204a50a060879c932a76e:922c64590222798bb761d5b6d8e72950