I have written another include system for my dynamic webpages, but it seems to be vulnerable to LFI.
Here is the code:
```php
if (isset($_GET['which']))
{
    $which = $_GET['which'];   // taken straight from the query string
    switch ($which)
    {
        case 0:
        case 1:
        case 2:
            require_once $which.'.php';   // raw input becomes the file name
            break;
        default:
            echo GWF_HTML::error('PHP-0817', 'Hacker NoNoNo!', false);
            break;
    }
}
```
Your mission is to include solution.php.
Here is the script in action: News, Forum, Guestbook.
- The link of each page is like below:
- In PHP, if the statement list for a case is empty, control simply passes to the statement list for the next case.
- And since the switch statement uses loose type comparison, any value that is not a digit makes the code vulnerable: a non-numeric string such as `solution` is converted to 0 for the comparison, so it matches `case 0` and falls through to the `require_once`.
- Well done, too easy... Do you know why this is possible?
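
The loose match and a strict allow-list side by side, as an added example that is not part of the original challenge or writeup. `resolveLoose`, `resolveStrict`, `ALLOWED` and the sample inputs are constructed for illustration, and the functions only return the file name that would be included. Results for non-numeric input depend on the PHP version: before PHP 8 a non-numeric string equals 0 under `==`, while PHP 8 compares it as a string.

```php
<?php
declare(strict_types=1);

// Added example: models the dispatcher without touching the filesystem.
// All names and sample inputs below are constructed, not WeChall code.

const ALLOWED = ['0', '1', '2'];    // the only page ids the script should serve

/** The challenge's logic: loose switch, then raw input concatenated into the path. */
function resolveLoose(string $which): ?string
{
    switch ($which) {               // switch compares with ==, never ===
        case 0:                     // empty cases fall through to the next one
        case 1:
        case 2:
            return $which . '.php'; // the unmodified input reaches the file name
        default:
            return null;
    }
}

/** Hardened: the input must be identical (===) to an allow-listed string. */
function resolveStrict(string $which): ?string
{
    return in_array($which, ALLOWED, true) ? $which . '.php' : null;
}

// Constructed inputs. 'solution' and '1abc' pass the loose check before PHP 8.
// ' 1' and '2e0' are numeric strings, so they still equal 1 and 2 under ==
// on PHP 8 and pass the loose check there as well.
$samples = ['0', '2', '3', 'solution', '1abc', ' 1', '2e0'];

foreach ($samples as $s) {
    printf(
        "%-12s loose=%-16s strict=%s\n",
        var_export($s, true),
        var_export(resolveLoose($s), true),
        var_export(resolveStrict($s), true)
    );
}
```

The strict version rejects every input except the exact strings `0`, `1` and `2`, so the value used in the file name is always one the script chose.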