• PHP Code Audit - File Inclusion - DVWA lab


    low

    <!DOCTYPE html>
    <html>
    <head>
    	<title></title>
    </head>
    <body>
    <div class="vulnerable_code_area">
    		<em><a href="?page=file1.php">file1.php</a></em>
    		<em><a href="?page=file2.php">file2.php</a></em>
    		<em><a href="?page=file3.php">file3.php</a></em>
    </div>
    </body>
    </html>
    
    <?php
    // The page parameter is passed straight to include() with no validation.
    $file = $_GET['page'];
    if(isset($file)){
    	include($file);
    }
    ?>
    

    medium

    <!DOCTYPE html>
    <html>
    <head>
    	<title></title>
    </head>
    <body>
    <div class="vulnerable_code_area">
    		<em><a href="?page=file1.php">file1.php</a></em>
    		<em><a href="?page=file2.php">file2.php</a></em>
    		<em><a href="?page=file3.php">file3.php</a></em>
    </div>
    </body>
    </html>
    <?php
    $file = $_GET['page'];
    // Removes the listed substrings in a single pass; this is a blocklist on the
    // raw string, not a check on the resolved path.
    $file = str_replace(array("https://","http://"), "", $file);
    $file = str_replace(array("../","./"), "", $file);
    echo $file;
    if(isset($file)){
    	include($file);
    }
    ?>
    

    high

    <!DOCTYPE html>
    <html>
    <head>
    	<title></title>
    </head>
    <body>
    <div class="vulnerable_code_area">
    		<em><a href="?page=file1.php">file1.php</a></em>
    		<em><a href="?page=file2.php">file2.php</a></em>
    		<em><a href="?page=file3.php">file3.php</a></em>
    </div>
    </body>
    </html>
    <?php
    $file = $_GET['page'];
    // Accepts any value that starts with "file", plus include.php; the pattern is
    // matched against the raw string, not against a resolved filesystem path.
    if(!(fnmatch("file*", $file)) && $file !="include.php"){
    	echo "ERROR file not found!";
    }else{
    	include($file);
    }
    ?>
    

    PHP notes

    The fnmatch() function checks whether a filename or string matches the given shell-style wildcard pattern.
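As an added example (not DVWA's own code), the allowlist approach a hardened version of the include above would use: exact-match the page name, then confirm the resolved path stays inside the intended directory. The directory layout and the file names file1.php to file3.php are assumed from the page.

```php
<?php
// Added example, not DVWA code: allowlist-based replacement for include($_GET['page']).
// Assumes the includable pages live in $baseDir and are named file1.php..file3.php.

function resolve_page(string $page, string $baseDir): ?string
{
    // Step 1: exact-match allowlist. No pattern matching and no string rewriting:
    // anything that is not listed is rejected outright.
    $allowed = ['file1.php', 'file2.php', 'file3.php'];
    if (!in_array($page, $allowed, true)) {
        return null;
    }

    // Step 2: defence in depth. Resolve the real path and confirm it is still
    // inside $baseDir, so a bad allowlist entry or a symlink cannot escape it.
    $base = realpath($baseDir);
    $real = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $page);
    if ($base === false || $real === false) {
        return null;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Demonstration on a temporary directory holding the three pages (constructed data).
$dir = sys_get_temp_dir() . '/fi_demo_' . getmypid();
mkdir($dir);
foreach (['file1.php', 'file2.php', 'file3.php'] as $f) {
    file_put_contents("$dir/$f", "<?php echo \"included $f\\n\";");
}

$inputs = [
    'file1.php',      // on the allowlist: included
    'file3.php',      // on the allowlist: included
    'include.php',    // accepted by the "high" check, rejected here
    'file4.php',      // would match fnmatch("file*"), rejected here
    '../file1.php',   // not on the allowlist, and would leave $dir
];
foreach ($inputs as $in) {
    $path = resolve_page($in, $dir);
    if ($path === null) {
        echo "rejected: $in\n";
    } else {
        include $path;
    }
}
foreach (glob("$dir/*.php") as $f) { unlink($f); }
rmdir($dir);
```

Run it with `php` from the command line; only file1.php and file3.php are included, the other three inputs print a rejection line.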
    
  • Original article: https://www.cnblogs.com/renhaoblog/p/14325596.html