Remote File Inclusion vulnerability scanning

Number: AL14-001
Date: 14 January 2014


The purpose of this alert is to bring attention to increased scanning activity for Remote File Inclusion (RFI) vulnerabilities.


CCIRC has observed increased reporting of RFI vulnerability scanning against Internet-facing web servers. Exploitation of an RFI vulnerability could lead to a variety of malicious activity, including remote code execution, DoS attacks, theft of personal/financial information, or website defacement.

Recently observed scans attempt to remotely determine whether known RFI vulnerabilities exist in various web applications, including phpBB and WordPress, among others. The scans use a legitimate file located at ‘www[.][.]txt' to pass to the web application. If the scan is successful, then the scanner/attacker will receive an answer from the targeted web application with the contents of humans.txt originally from This proves that the web application contains an RFI vulnerability that can potentially be exploited at a later date.

Please note that the URL ‘www[.][.]txt' is not malicious but is used by the scanner/attacker to determine if the web application is exploitable.
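One way to look for this scanning pattern in web server access logs, as an added example that is not part of the CCIRC alert: it flags any query parameter whose value is a remote URL and marks those that point at a humans.txt file. The log lines, the host probe.example, the request paths and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Client IP, request target and status from a Common/Combined Log Format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A query parameter whose value is itself a remote URL is the probe signature.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (not CCIRC's observed traffic; all hosts are placeholders).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jan/2014:10:01:02 +0000] "GET /forum/index.php?page=http://probe.example/humans.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jan/2014:10:01:03 +0000] "GET /wp-content/plugins/demo/view.php?file=http%253A%252F%252Fprobe.example%252Fhumans.txt HTTP/1.1" 404 210',
    '198.51.100.20 - - [14/Jan/2014:10:02:11 +0000] "GET /index.php?page=about HTTP/1.1" 200 4096',
    '198.51.100.20 - - [14/Jan/2014:10:02:15 +0000] "GET /login.php?next=/account/home HTTP/1.1" 302 0',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so encoded probes are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_probes(lines):
    """Return one finding per query parameter whose value is a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        parts = urlsplit(m.group("target"))
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw).strip()
            if REMOTE_RE.match(value):
                findings.append({
                    "ip": m.group("ip"),
                    "path": parts.path,
                    "param": name,
                    "remote_url": value,
                    "humans_txt": urlsplit(value).path.lower().endswith("/humans.txt"),
                    "status": int(m.group("status")),
                })
    return findings

if __name__ == "__main__":
    for hit in find_rfi_probes(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request does not by itself show that the file was included; the success condition described above is a response that contains the humans.txt contents, so flagged requests should be followed up by checking what the application actually returned.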

Examples of traffic observed looking for RFI vulnerabilities:

Suggested Action


Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
