File Inclusion Vulnerability Exploitation

tag: reads the character "WAF index. php" and uses Apach for integrated decryption.

File Inclusion can be used (1) To directly traverse and read files; (read sensitive information) when it is known that the default installation path of middleware IIS, Apache and third-party integration packages, and other programs, you can directly use file inclusion and directory traversal to "read configuration files" include. PHP? File =.../etc/pass include. php? File = .. /.. /.. /XAMPP/htdocs/config. PHP (2) parses any file conforming to PhP specifications; (local inclusion with file upload) the file inclusion function can be used to parse any file conforming to PhP specifications, attackers can bypass WAF in combination with file uploads to obtain webshells. Exploitation process: Upload shell.txt/shell.jpg/shell.rar/shell on the 1st node. XXX (the absolute path of the uploaded file must be confirmed) 2) use the File Inclusion Vulnerability to directly parse the uploaded files without the PHP suffix and obtain webshell. (3) Use PHP Encapsulation Protocol (read PHP file source code) PHP has many built-in encapsulation protocols similar to the URL style: file: // --- access the local file system; http: // --- access the HTTP (s) URL; ftp: // --- access the FTP (s) URLs; PHP: // --- access the input/output stream (I/0 stream) eg: http://www.test.com/index.php? Page = PHP: // filter/read = convert. base64-encode/resource = config. PHP access URL to obtain the base64 encrypted string --- "encrypted code. After decryption, you can obtain the source file content.

exploitation of File Inclusion vulnerabilities