via ithemes.com => original post link
Any tool can be used with good or bad intentions, and file inclusion is no different. WordPress is built with PHP, a server-side programming language that uses file inclusion as a method of writing code that can be pulled into any page on a site. File inclusion is a tool used by programmers to make maintaining code easier, as well as allow for functions to be extended throughout a site.
Of course, file inclusion can be used maliciously as well.
In this comprehensive guide to file inclusion attacks, we will explore ways hackers exploit poor user input validation to inject malware and send instructions to the victim’s server to compromise website security.