I thought I had struck a gold mine. After talking with heige, I found that it can only be used on the Win32 platform, which reduces the power of this bug; it basically does not cause much harm, because there are too few PHP applications on the Win32 platform.
include $_GET['file'] . ".php";
In the past, we used %00 to truncate it, but in current PHP versions that has basically stopped working. The hunting idea, as heige described, is to trigger a vulnerability by combining conditions from multiple environments. The operating system limits the length of a file name. If our $_GET[file] exceeds this limit, the trailing .".php" in the PHP code loses its effect. This truncation should work on a different principle from the %00 truncation.
Usage: index.php?file=some.txt/////////////////////.... [more than a certain number of /]
I do not know how to use it on Linux.
PS: a JSP include under Resin only needs one /.
MAX_PATH on Windows is 260 bytes.
On Linux there seems to be a limit too. It seems to be 512??
http://www.wolvez.org/forum/thread-55-1-1.html
In fact, someone had already mentioned using a certain number of / characters to exceed the operating system's file name length limit and cut off the string that follows; see: http://cloie.it580.com/?p=51
That article says it can only be used on Windows. In fact, it can also be used on some Linux hosts, but more "/" characters are needed (to make the file path name longer than 4096 bytes). Take a look at the following code snippet:
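Code:
<?php
// Build a run of 4072 slashes to pad the path.
$a = '';
for ($i = 0; $i <= 4071; $i++) {
    $a .= '/';
}
$a = 'test.txt' . $a; // The complete path is /var/www/test/test.txt
// The ".php" suffix is appended here, as in the vulnerable include above.
require_once($a . '.php');
?>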
Test this in a Linux environment and you will find that .php is truncated and test.txt is successfully included :)
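On the defensive side, the point of both snippets is that an appended ".php" is not a security boundary. The following is an added example, not code from the original posts: the function name safe_include_path(), the temporary directory and the file names are assumptions. It validates the request value, refuses over-long paths, and checks the suffix on the resolved path rather than on the string that was built.

```php
<?php
// Added example, not code from the original post. safe_include_path(), the
// temporary directory and the file names are assumptions for illustration.
function safe_include_path(string $value, string $baseDir, string $suffix = '.php'): ?string
{
    // Accept plain names only: no slashes, dots, NUL bytes or other path syntax.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $value)) {
        return null;
    }
    $candidate = $baseDir . DIRECTORY_SEPARATOR . $value . $suffix;
    // Refuse a path long enough that the runtime or OS could cut off the suffix.
    if (strlen($candidate) >= PHP_MAXPATHLEN) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($candidate);
    if ($base === false || $real === false) {
        return null;
    }
    // The resolved file must sit inside the base directory and still end in the suffix.
    $inside = strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    $hasSuffix = substr($real, -strlen($suffix)) === $suffix;
    return ($inside && $hasSuffix) ? $real : null;
}

// Constructed sample data: one real page and one text file that must never be included.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'incdemo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home page\n";');
file_put_contents($dir . DIRECTORY_SEPARATOR . 'test.txt', 'not a page');

$inputs = [
    'home',                              // legitimate page name
    'test.txt' . str_repeat('/', 4072),  // padded value built by the loop in the snippet above
    '../test.txt',                       // plain traversal
    "test.txt\0",                        // old %00 style value
];
foreach ($inputs as $in) {
    $path = safe_include_path($in, $dir);
    printf("%-16s len=%-5d %s\n", rawurlencode(substr($in, 0, 12)), strlen($in), $path ?? 'rejected');
}
// A non-null result is the only value that should ever reach require_once.

// Remove the constructed files.
unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
unlink($dir . DIRECTORY_SEPARATOR . 'test.txt');
rmdir($dir);
```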