1. Vulnerability Overview
File Inclusion Vulnerability means that the server uses variables to include files and uses these variables by dynamically calling URLs. If the included files are not effectively filtered, an attacker can exploit this vulnerability to execute malicious files or code, leading to file inclusion vulnerabilities.
Let’s take a simple example:
Suppose there is a PHP file index.php that contains the following code:
<?php
$page = $_GET['page'];
include($page . '.php');
?>
In this code, $_GET['page'] obtains the parameters in the URL and then passes them to the include function as the value of the variable $page. If an attacker is able to control the value of $_GET['page'] and set it to the path of a malicious file, the malicious file will be included and executed.
For example, an attacker could pass a malicious file evil.php via the URL http://example.com/index.php?page=evil, which would then be included and executed, leading to a security vulnerability.
2. Common file inclusion functions
-
include() : Include and run the code of the specified file. If the file does not exist or contains an error, a warning will be issued to continue executing the script.
-
require() : Similar to the include() function, but if the file does not exist or an inclusion error occurs, a fatal error is generated and the script is stopped.
-
include_once() : Similar to the include() function, but only includes the specified file once to avoid including the same file repeatedly.
-
require_once() : Similar to the require() function, but only includes the specified file once to avoid including the same file repeatedly.
-
fopen() : open a file or url
Avoid :When using these functions, you should try to avoid passing user input directly to these functions as file names. Instead, filter and validate user input to avoid file inclusion vulnerabilities.
3. File Contains Vulnerability Classification
File inclusion vulnerabilities can be divided into two types: local file inclusion and remote file inclusion.
Local file inclusion vulnerability:
When the included file is located locally on the server, if the file path is not sufficiently verified and filtered, the attacker can construct a malicious file path and execute malicious code. This vulnerability is called a local file inclusion vulnerability.
Remote file inclusion vulnerabilities:
The causes of local file inclusion and remote file inclusion vulnerabilities are the same. If the options allow_url_fopen and allow_url_include in the PHP configuration file php.ini are enabled, the included files can be files stored on a third-party server, thus forming a remote file inclusion vulnerability. An attacker can construct a malicious URL and include malicious code into the affected page to execute the attack code.
远程文件包含条件:需要满足两个条件。php.ini 中的配置选项为
allow_url_fopen:on
allow_url_include:on
If you have anything to add, please contact the author of this article
This article is for learning and communication purposes only and may not be used for any commercial purposes. The views, opinions and suggestions in the article are those of the author alone and do not represent the position of this site. The author and this site are not responsible for any consequences arising from the use of the technologies, methods, processes and tools mentioned in this article. Before using these technologies, methods, processes and tools, please understand your legal responsibilities and risks and take appropriate security measures.