Remote File Inclusion (RFI) attacks exploit which PHP function?

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the UCF CIS3360 Security in Computing Exam. Utilize flashcards and multiple choice questions with detailed hints and explanations to boost your understanding and readiness. Start today and succeed!

Remote File Inclusion (RFI) attacks primarily exploit the 'include' function in PHP. This function is designed to include and evaluate a specified file in the execution of the script. When user input is not properly sanitized, an attacker can manipulate the URL or input to include a malicious file from a remote server. This is dangerous because if the attacker succeeds, they can execute arbitrary code on the target server, leading to a full compromise of the application or even the server itself.

The inclusion of files located on a remote server circumvents local security controls and can allow attackers to bypass restrictions that might protect the system from executing malicious code locally. This makes the 'include' function particularly vulnerable in scenarios where user input is not properly controlled. The other functions listed do not have the same inherent risk for RFI, which is why they are not the correct choice.