Abusing include
1. Cause of vulnerability:
include is the most commonly used function when writing PHP websites, and it supports relative paths. Many PHP scripts pass an input variable directly to include as its parameter, which causes vulnerabilities such as arbitrary script reference and absolute path leakage. Look at the following code:
...
$includepage=$_GET["includepage"];
include($includepage);
...
Obviously, submitting different values for the includepage variable is all it takes to get the desired page. Submitting a page that does not exist makes the PHP script raise an error that leaks the actual absolute path (the solution to this problem is explained in the following article).
2. Vulnerability resolution:
The solution to this vulnerability is very simple: first determine whether the page exists, and only then include it. Or, more strictly, use an array to specify the files that can be included. Look at the following code:
$pagelist=array("test1.php","test2.php","test3.php"); //Files that are allowed to be included
if(isset($_GET["includepage"])) //Determine whether includepage was submitted
{
    $includepage=$_GET["includepage"];
    $checkfind=false; //Stays false unless the page is found in the list
    foreach($pagelist as $prepage)
    {
        if($includepage===$prepage) //Check whether the file is in the allowed list
        {
            include($prepage); //Include the list entry, not the raw input
            $checkfind=true;
            break;
        }
    }
    if($checkfind==true){ unset($checkfind); }
    else{ die("Invalid reference page!"); }
}
This will solve the problem very well.
Tip: other functions with this problem include require(), require_once(), include_once(), readfile(), etc. Pay attention to them when writing code.
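An added example (not code from the original article) that combines both checks described above: the allowed-list array, and the test that the page exists, done with realpath() so that a missing file never produces an include warning showing the absolute path. The helper name resolve_include_page(), the directory-containment check and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example: resolve_include_page() is a hypothetical helper name and
// the sample files and inputs below are constructed for the demo.

// Returns the absolute path of a page that may be included, or null.
function resolve_include_page($requested, array $pagelist, string $baseDir): ?string
{
    // Reject arrays (?includepage[]=x) and anything not in the allowed list.
    if (!is_string($requested) || !in_array($requested, $pagelist, true)) {
        return null;
    }
    // realpath() returns false for a missing file, so existence is checked
    // without an include warning that would print the absolute path.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must still sit inside $baseDir.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one of the allowed pages.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
@mkdir($baseDir);
file_put_contents($baseDir . '/test1.php', '<?php echo "page test1\n";');

$pagelist = ['test1.php', 'test2.php', 'test3.php']; // same list as above
// Listed and present, listed but missing, not listed, wrong type.
$samples = ['test1.php', 'test2.php', '../test1.php', ['test1.php']];

foreach ($samples as $input) {
    $path = resolve_include_page($input, $pagelist, $baseDir);
    if ($path === null) {
        // One generic message for every failure; no path is disclosed.
        echo "Invalid reference page!\n";
    } else {
        include $path;
    }
}

unlink($baseDir . '/test1.php');
rmdir($baseDir);
```

Only the first sample is included; the other three all end in the same generic message, whether the page is missing, not listed, or not a string.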
Input variables are not filtered