After learning some scanning tools that can scan Remote File Inclusion vulnerability (fimap, w3af, uniscan, etc), I decided to draw a diagram to show the mechanism. So here is the picture.
Note: if you cannot see the picture, please find at attachment
Attacker box: the person can scan and exploit the RFI vulnerability. Some tool offer exploit mode to get victim shell in their tool; therefore, I decided to put it in.
Variable setting box: allow the user to set parameter.
Victim Server box: normal stuff inside a server
Is it the right way to draw how scanning tool work? Is there some specific part that i need to modify?
Feel free to post your opinion so I can learn from everyone and draw the right diagram. :)