1. Executive Summary
2. Introduction
3. PHP internals
3.1 PHP execution process
3.2 PHP include function
4. Malicious file includes – RFI
4.1 Classic RFI
4.2 Classic RFI “in the wild”
4.3 Advanced RFI using PHP streams
5. Malicious File Includes (MFI)
5.1 Adding PHP code to log files
5.2 Uploading user content with Embedded PHP code
5.2.1 Editing file content to embed PHP code
5.2.2 PHP code-embedded files detection
6. Malicious file inclusion in the wild
6.1 Background
6.2 Remote file inclusion in the wild
6.2.1 Attack sources analysis
6.2.2 Shell hosting URLs analysis
6.2.3 Shell analysis
7. Mitigating RFI/LFI
8. Appendix A – PHP streams and wrappers
http://www.imperva.com/docs/HII_Remote_and_Local_File_Inclusion_Vulnerabilities.pdf
