Open Source Your Knowledge, Become a Contributor
Technology knowledge has to be shared and made accessible for free. Join the movement.
The include fault
The include () function in PHP is used to execute php code that is located in another file. Example:
In this case, the code in bth.php will be executed.
If the developer writes this code:
To exploit this vulnerability, we can use the following URL:
Here the "include" function will include the text of the "/ etc / passwd" file, and thus display its contents. It is possible to change "/ etc / passwd" to another server file that is normally not accessible, or even remote code accessible from another server.