Shulou(Shulou.com)06/03 Report--

The file contains an introduction to vulnerabilities:

Program developers generally write reused functions into a single file, and call this file directly when they need to use a function without having to write it again, in which the process of file call is generally called file inclusion. Program developers generally want the code to be more flexible, so they set the included files as variables for dynamic calls, but it is precisely because of this flexibility that the client can invoke a malicious file, resulting in file inclusion vulnerabilities. Almost all scripting languages provide the function of file inclusion, but file inclusion vulnerabilities are mostly found in PHP, but there are very few or no vulnerabilities in JSP, ASP, and ASP.NET programs, which is a drawback of some language designs. Inclusion vulnerabilities are common in PHP, but that doesn't mean other languages don't exist.

Cause of vulnerability:

The cause of the file containing loophole is that when the file is introduced, the referenced file name can be controlled by the user. Because the incoming file name is not properly verified, or the check is bypassed, the unexpected file is manipulated, which may lead to unexpected file disclosure or even malicious code injection. When the included file is local to the server, the local file contains vulnerabilities, and the included file is in the third-party service, resulting in a remote file package containing vulnerabilities.

Vulnerability hazards:

Execute malicious code, contain malicious files to control the website, and even control the website server, and so on.

Local contains vulnerabilities:

Code:

Take the above code as an example:

Visit: http://127.0.0.1/fileupload/include.php?name=1.txt

The txt file code is:

We can see that the contents of the txt file are executed as a php file, as shown in the following figure:

Again, if you visit: http://127.0.0.1/fileupload/include.php?name=2.jpg

2.jpg is a sentence of a picture.

You can connect directly with a kitchen knife, which means that no matter what the suffix is, it will eventually be executed in the form of php.

But sometimes, this is encountered in the ISCC national tournament, that is, it will automatically join .php at the end, which is very annoying.

Code 2:

The execution result is as follows:

If you visit: http://127.0.0.1/fileupload/include2.php?page=1.txt

It's still wrong.

Solution: truncation

Utilization environment: php version

Conclusion: these have appeared in the national tournament of iscc, if you can read the source code at that time, you will be able to win the prize. There is no end to learning. Come on.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.