search

Home >Backend Development >PHP Tutorial >Application analysis of allow_url_include in php

Application analysis of allow_url_include in php

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
2016-07-25 09:05:411003browse

  3. // Insecure Include

  4. // The following Include statement will
  5. // include and execute everything POSTed
  6. // to the server

  7. include "php://input";

  8. ?>

Copy code

Example 2: Use data: to Include arbitrary code

  3. // Insecure Include

  4. // The following Include statement will
  5. // include and execute the base64 encoded
  6. // payload. Here this is just phpinfo()< ;/p>

  7. include "data:;base64,PD9waHAgcGhwaW5mbygpOz8+";

  8. ?>

Copy the code

Put these into the operation and you will find that neither url_allow_fopen is Nor is url_allor_include guaranteed. Just because filters rarely filter vectors. If you want to completely solve this URL include vulnerabilities method, you need to apply the Suhosin extension.



Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:A small example of php array deduplicationNext article:A small example of php array deduplication

Related articles

See more