Remote File Inclusion - PHP File


I’m on Zaid’s website hacking course and I’m having trouble getting the remote file inclusion to work on DVWA.

Here’s what I’ve got:

The reverse.text is working on my kali machine.

I’ve got the terminal running with my netcat command (like I’ve done several times before
nc -vv -l -p 8080
and its listening.

Here’s the result of following the steps Zaid provides in the course (you can see in the URL)

Any thoughts?
The security settings are on low and I can’t find any other issue with what I’m doing?

Thanks in advance.


From the errors, it looks like url file access is disabled in your metasploitable. Did you edit the config file on the metasploitable for allow_url_fopen and allow_url_include? Also, try pinging your kali machine form your metasploitable just to be sure that the kali box is accessible from the metasploitable.