WeChall_Training: PHP LFI (Exploit, PHP, Training)

Posted 冷暖知不知

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了WeChall_Training: PHP LFI (Exploit, PHP, Training)相关的知识,希望对你有一定的参考价值。

Your mission is to exploit this code, which has obviously an LFI vulnerability:

GeSHi`ed php code
1
2
$filename = ‘pages/‘.(isset($_GET["file"])?$_GET["file"]:"welcome").‘.html‘;
include $filename;



There is a lot of important stuff in ../solution.php, so please include and execute this file for us.

Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums

For debugging purposes, you may look at the whole source again, also as highlighted version.

 

解题:

  因为字符串后面加了个".html",完全不知道怎么处理,去搜了题解,发现可以用%00来截断,然后就试了下?file=../../solution.php%00,发现不存在这个文件,看了题解发现是?file=../../solution.php%00。。

 

以上是关于WeChall_Training: PHP LFI (Exploit, PHP, Training)的主要内容,如果未能解决你的问题,请参考以下文章

[PHP]无需可控文件的LFI-RCE学习

[PHP]无需可控文件的LFI-RCE学习

利用pearcmd.php从LFI到getshell

利用pearcmd.php从LFI到getshell

刷题记录:[XCTF 2019 Final]LFI2019

文件包含lfi