An RFI vulnerability exists when an attacker can insert a script or code into a URL and command your server to execute the evil code.
It is important to note that File Inclusion attacks, such as these, can mostly be mitigated by turning Register_Globals off.
Turning this off ensures that the $page variable is not treated as a super-global variable, and thus does not allow an inclusion.
The following is a sanitized attempt to attack a server in just such a manner:
If the site in this example did not have appropriate safeguards ...