Local inclusion of php

Source: Internet
Author: User

I thought I had dug a gold mine. After talking with heige, I found that it could only be used on the Win32 platform, reducing the power of this BUG, basically not causing much harm, this is because there are too few PHP applications on the WIN32 platform.

Include $ _ GET [file]. ". php ";

In the past, we used % 00 to truncate it. The current PHP version has basically expired. The idea of mining is to trigger a vulnerability by combining conditions in multiple environments as described by Heike. The operating system has a limit on the length of the file name. If our $ _ GET [file] exceeds this limit, the last line in the PHP code is. ". php will expire. The Truncation here should be different from the truncation principle of % 00.

Usage: index. php? Filedesksome.txt /////////////////////.... [More than a certain number/]

I do not know how to use it on LINUX.

The include of jsp under PS and resin only needs one /.

The MaxPath in win is 260 bytes.

In linux, there seems to be a limit. It seems to be 512 ??

Html> http://www.wolvez.org/forum/thread-55-1-1.html

In fact, before someone mentioned with a certain number of/break through the operating system on the file name length limit to cut off the following string, see: http://cloie.it580.com /? P = 51

It is mentioned in this article that it can only be used in windows. In fact, it can be used in some Linux Hosts, but the number of "/" is more (to make the file path name length greater than 4096 bytes ), take a look at the following code snippet:
<? Php
$ A =;
For ($ I = 0; $ I <= 4071; $ I ++ ){
$ A. = /;
$ A = test.txt. $ a; // The complete path is/var/www/test/test.txt.
Require_once ($ a.. php );
Test in linuxenvironment, you will find that. php is intercepted, and the success includes test.txt :)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.