RIPS Scanner (0.5) exposes a local file inclusion vulnerability
RIPS is a source code analysis tool written in PHP. It uses static analysis to automatically discover potential security vulnerabilities in PHP source code. Penetration testers can review the analysis results without having to read the entire program code.
Because of the limitations of static source code analysis, a code reviewer still has to confirm whether a reported vulnerability actually exists. RIPS can detect XSS, SQL injection, file disclosure, and header injection vulnerabilities.
http://rips-scanner.sourceforge.net/
In the RIPS code.php file:
$file = $_GET['file'];
$marklines = explode(',', $_GET['lines']);
$ext = '.' . pathinfo($file, PATHINFO_EXTENSION);

if (!empty($file) && is_file($file) && in_array($ext, $FILETYPES))
{
    $lines = file($file);

    // place line numbers in extra table for more elegant copy/paste without line numbers
    echo '';    // the HTML markup in this string was stripped from the listing
    for ($i = 1, $max = count($lines); $i <= $max; $i++)
        echo "$i";    // the markup around the line number was stripped from the listing
    // ... the listing is cut off here
}
File Inclusion Vulnerability
The usage is as follows:
http://localhost/rips/windows/code.php?file=/var/www/html/index.php
Invalid file specified.
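In the listing above, the `file` parameter reaches `file()` after only `is_file()` and an extension check, so any readable path with an allowed extension is accepted. One way to constrain it is sketched below as an added example; it is not RIPS code or the project's fix, and the base directory `$baseDir`, the function name `resolve_viewable_file` and the sample `$FILETYPES` values are assumptions.

```php
<?php
// Added example, not RIPS code. $baseDir (the directory being scanned) and
// the sample $FILETYPES values below are assumptions for illustration.
function resolve_viewable_file(string $requested, string $baseDir, array $fileTypes): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() resolves ../ segments and symlinks; it returns false
    // when the path does not exist.
    $base = realpath($baseDir);
    $real = realpath($requested);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // The resolved path must sit below the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Extension allowlist, as in the original check, on the resolved path.
    $ext = '.' . strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, $fileTypes, true) ? $real : null;
}

// Constructed demo: one file inside a temporary scan root, one outside it.
$FILETYPES = ['.php', '.inc'];
$tmp     = sys_get_temp_dir();
$root    = $tmp . DIRECTORY_SEPARATOR . 'scan_root_' . getmypid();
$outside = $tmp . DIRECTORY_SEPARATOR . 'outside_' . getmypid() . '.php';
mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'index.php', "<?php echo 'hi';\n");
file_put_contents($outside, "<?php // not part of the scan\n");

$requests = [
    'inside root'     => $root . DIRECTORY_SEPARATOR . 'index.php',
    'outside root'    => $outside,
    'traversal to it' => $root . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . basename($outside),
    'missing file'    => $root . DIRECTORY_SEPARATOR . 'nope.php',
];
foreach ($requests as $label => $path) {
    $ok = resolve_viewable_file($path, $root, $FILETYPES);
    printf("%-16s %s\n", $label, $ok === null ? 'rejected' : 'allowed: ' . $ok);
}

unlink($root . DIRECTORY_SEPARATOR . 'index.php');
unlink($outside);
rmdir($root);
```

The containment check runs on the resolved path, so `../` segments and symlinks are judged by where they actually point rather than by how the request was written.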