This article is mainly to share with you in PHP filter protocol detailed, hope to help everyone.
php://-access to each input/output stream (I/O streams) php://input is a read-only stream that can access the raw data of the request. Php://filter is a wrapper protocol designed to allow a filter program to become a stream when it is opened. This is useful for individual file functions with full functionality, otherwise there is no opportunity to apply filters to the stream before reading the content. The protocol syntax is:php://filter:/<action>=<name> such as php://filter:/resource=http://www.baidu.com
Use Php://filter to get Web content:
<?php$url = ' http://www.phpfamily.cn '; $data = file_get_contents (' php://filter/resource= '. $url); Echo $data; Output results I http://www.phpfamily.cn the contents of the page
Php://filter List of parameters
parameter |
function |
read |
read |
write |
write |
resource |
data source |
read parameter value can be
string.strip_tags: Clears all HTML tags in the data flow
String.ToUpper: Converts the contents of the data stream to uppercase
String.ToLower: Converts the contents of the data stream to lowercase
Convert.base64-encode: Convert the contents of the data stream to Base64 encoded Convert.base64-decode: Decode A typical file contains a vulnerability. We can look at the code we want to see by constructing a statement that contains a vulnerability: file=php://filter/convert.base64-encode/resource=index.php. Then the resulting base64 code can be decoded.