PHP
tatarrr95, 2018-02-21 22:15:19

How to exploit the php_include($_GET['page']) vulnerability?

The site has approximately the following hierarchy of files and folders

index.php
hello.php
out folder
----1.php
----2.php
----3.php
----pages folder
--------11.php
--------22.php
--------33.php

When you go to http://site/hello.php?page=11 , the contents of page 11.php are included inside.
php_include("out/pages/".$_GET['page'].".php")
I can get to the folder above through this vulnerability) I tried page=../1 , it didn't work.


2 answer(s)
xmoonlight, 2018-02-21
@xmoonlight

Maybe like this?)

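// Use the validated integer, not the raw parameter; filter_var() returns false on failure
$page = filter_var($_GET['page'] ?? null, FILTER_VALIDATE_INT);
if ($page !== false)
    php_include("out/pages/".$page.".php");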

hOtRush, 2018-02-22
@hOtRush

To understand whether there is a vulnerability or not, you need to see the code of the php_include function
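
A hardened form of the include discussed in this thread, as an added example that is not code from the question or from either answer. The names safe_page_path and PAGES_DIR and the sample inputs are assumptions made for the example, and it uses PHP's built-in include because the body of the site's own php_include is not shown on the page.

```php
<?php
// Added example: hypothetical hardened lookup for hello.php?page=...
// PAGES_DIR and safe_page_path() are names assumed for this sketch.
const PAGES_DIR = __DIR__ . '/out/pages';

/**
 * Map a user-supplied page id to a file directly inside $baseDir.
 * Returns the resolved path, or null if the input must be refused.
 */
function safe_page_path($page, string $baseDir = PAGES_DIR): ?string
{
    // 1. Allow-list the identifier: a string of 1-6 digits and nothing else.
    //    "../1", "11.php" and array input (page[]=11) all stop here.
    if (!is_string($page) || !preg_match('/\A[0-9]{1,6}\z/', $page)) {
        return null;
    }

    // 2. Resolve both paths; realpath() returns false for a missing file.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $target === false) {
        return null;
    }

    // 3. Containment check: the resolved file must sit directly in $base.
    //    This also refuses a symlink that points outside the pages folder.
    return dirname($target) === $base ? $target : null;
}

// Constructed sample inputs; '../1' is the value tried in the question.
// '11' is accepted only if out/pages/11.php exists next to this script.
foreach (['11', '../1', '11.php', ['11']] as $input) {
    $path = safe_page_path($input);
    printf("%-10s => %s\n", json_encode($input), $path ?? 'rejected');
}

// Use in hello.php:
//   $path = safe_page_path($_GET['page'] ?? null);
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

The digit allow-list alone is enough for this site's numeric page names; the realpath() comparison is a second layer that keeps holding if the naming scheme is later loosened.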
