包含一般也就分为LFI、RFI,即local file inclusion和remote file inclusion
LFI
对于LFI的话,因为很多都限制了包含的后缀结尾必须为.php, Include ($a.'.php') 例如这种的。
所以我们想包含我们的图片马儿的话,那么就需要截断后面的这.php
-
00截断。需要gpc off && php
-
长文件名截断。反正这个我很少成功。
-
转换字符集造成的截断。这个对包含的话基本用不上。
还有一些cms限制包含的后缀必须为.php,例如下面一段简单的代码
$include_file=$_GET[include_file];if ( isset( $include_file ) && strtolower( substr( $include_file, -4 ) ) == ".php" ) { require( $include_file ); } 对传递过来的截取了后面4个字符,然后判断是不是“.php”,如果是“.php”才进行包含。这里可以用zip(或者phar)协议嘛(当然这个也是找laterain学的,哈哈)。
首先新建一个1.php,里面随便写个phpinfo吧,
然后压缩成.zip,接着把zip的名字改成 yu.jpg。
然后把这个.jpg上传上去 然后包含:
对于一些LFI找不到上传图片的地方的话,也有很多牛发过了一些不能上传图片LFI的技巧,各种包含日志、环境变量啥的,这里我就也不多说了。
RFI
下面再来说RFI。
如果能RFI的话,那么就是最方便的了。包含远程文件,或者又是 php://input data 啥的,各种伪协议。
但是也都知道RFI最大的限制条件就是需要 allow_url_include on 且“变量前未定义路径”或者“常量”。
而 Allow_url_include 默认都是off,那么无论是 allow_url_include on 还是“变量前无路径”或者“常量”,那都是RFI的硬伤。
这里介绍一种在allow_url_include off的情况下也能rfi的技巧,但是成功率也并不太高。
首先在php.ini里看一下 allow_url_include :
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.allow_url_include = Off
翻译过来就是,允许包含url,例如 http:// 、 ftp:// 之类的协议。当off的时候肯定就是不允许去包含这样的协议。
这里我们先来测试一下:
<?phpinclude($_GET[yu]);
首先 allow_url_include && allow_url_fopen 都为on的时候
成功RFI。
然后 allow_url_include 为 on,allow_url_fopen 为off
直接包含远程文件失败。这时候我们用一下伪协议试试。
再次成功rfi。
当allow_url_include && allow_url_fopen 为off的时候。
伪协议失败。
而包含文件的方式:
URL file-access is disabled in the server configuration ,说明也不允许包含。
然而,肯定还有不少人记得很久以前的那个星外无可执行目录的时候,利用远程调用cmd继续提权。
那个利用的是共享文件,然后在星外主机上来执行。
那么这里我们也试试:
包含共享文件成功!这里只本地测试了,没具体测试远程。但是由于445的原因 可能基本都失败。
转载自: http://drops.wooyun.org/papers/4544 ,在原文基础上有简单整理修改。
Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PMLaravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-
cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AMThe PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.
Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PMLaravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>
12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PMDo you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom
PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PMPHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot
Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PMArticle discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
Customizing/Extending Frameworks: How to add custom functionality.Mar 28, 2025 pm 05:12 PMThe article discusses adding custom functionality to frameworks, focusing on understanding architecture, identifying extension points, and best practices for integration and debugging.
Framework Security Features: Protecting against vulnerabilities.Mar 28, 2025 pm 05:11 PMArticle discusses essential security features in frameworks to protect against vulnerabilities, including input validation, authentication, and regular updates.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
