首页 > 代码库 > WeChall_Training: PHP LFI (Exploit, PHP, Training)
WeChall_Training: PHP LFI (Exploit, PHP, Training)
Your mission is to exploit this code, which has obviously an LFI vulnerability:
GeSHi`ed PHP code
12 | $filename = ‘pages/‘.(isset($_GET["file"])?$_GET["file"]:"welcome").‘.html‘;include $filename; |
There is a lot of important stuff in ../solution.php, so please include and execute this file for us.
Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums
For debugging purposes, you may look at the whole source again, also as highlighted version.
解题:
因为字符串后面加了个".html",完全不知道怎么处理,去搜了题解,发现可以用%00来截断,然后就试了下?file=../../solution.php%00,发现不存在这个文件,看了题解发现是?file=../../solution.php%00。。
WeChall_Training: PHP LFI (Exploit, PHP, Training)
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。