After learning some scanning tools that can scan Remote File Inclusion vulnerability (fimap, w3af, uniscan, etc), I decided to draw a diagram to show the mechanism. So here is the picture. Note
: if you cannot see the picture, please find at attachmentLittle description
: the person can scan and exploit the RFI vulnerability. Some tool offer exploit mode to get victim shell in their tool; therefore, I decided to put it in. Variable setting box
: allow the user to set parameter.Victim Server box
: normal stuff inside a server
Is it the right way to draw how scanning tool work? Is there some specific part that i need to modify?
Feel free to post your opinion so I can learn from everyone and draw the right diagram.