File inclusion vulnerability

These remote files are usually obtained in the form of an HTTP or FTP URI as a user-supplied parameter to the web application.

This issue can still lead to remote code execution by including a file that contains attacker-controlled data, such as the web server's access logs.

To exploit the vulnerability, an attacker will alter a variable that is passed to one of these functions to cause it to include malicious code from a remote resource.

Consider a PHP script which includes a file specified by the request. The developer intended to read in english.php or french.php, which will alter the application's behavior to display the language of the user's choice.

A safer solution is to use a predefined switch/case statement to determine which file to include, rather than using a URL or form parameter to dynamically generate the path.
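The switch/case approach described above, next to the dynamic include it replaces, as an added example that is not code from the original page. The `language` parameter name, the `lang/` directory and the probe values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the language files live in a fixed directory beside this script.
const LANG_DIR = __DIR__ . '/lang';

// Pattern to avoid, shown as a comment for contrast: the request value becomes
// part of the path, so the caller decides which file is included.
//     include $_GET['language'] . '.php';

/**
 * Map a request value to a file path with a fixed switch/case.
 * The request value is only compared, never concatenated into the path.
 */
function resolveLanguageFile(?string $requested): string
{
    switch ($requested) {
        case 'french':
            return LANG_DIR . '/french.php';
        case 'english':
        default:
            // Missing, unknown or malformed values fall back to a known file.
            return LANG_DIR . '/english.php';
    }
}

// Accept only a string; ?language[]=x arrives as an array and is discarded.
$requested = $_GET['language'] ?? null;
if (!is_string($requested)) {
    $requested = null;
}

// Constructed probe values: every one resolves to a file from the fixed list.
foreach (['french', 'english', 'german', 'http://example.invalid/remote', ''] as $probe) {
    printf("%-34s -> %s\n", var_export($probe, true), basename(resolveLanguageFile($probe)));
}

// Include the resolved file only if it is actually present on disk.
$file = resolveLanguageFile($requested);
if (is_file($file)) {
    include $file;
}
```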