PHP - Local File Inclusion
Your mission is to exploit this code, which obviously has an LFI vulnerability:
$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;
There is a lot of important stuff in ../solution.php, so please include and execute this file for us.
Here are a few examples of the script in action (in the box below):
For debugging purposes, you may look at the whole source again, also as a highlighted version.
- The page you are browsing is:
- And the page that is shown when you send the request is:
- So, the LFI vulnerability you should take advantage of looks like this:
- But don't forget that the script appends .html to the end of the filename. To bypass this restriction, we'll use the null byte: everything after the null byte is dropped.
- Use the URL above to send the request. It's done!
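The defensive counterpart to the two-line script above, as an added example that is not part of the challenge or of this write-up: the `file` parameter is checked against a strict page-name pattern and the resolved path is confirmed to stay inside `pages/` before anything is served. The function name `resolve_page()`, the temporary directory and the sample values are assumptions constructed for the demonstration.

```php
<?php
// Added example, not the challenge's code. resolve_page() is a hypothetical name.
function resolve_page(string $pagesDir, $requested): ?string
{
    $name = $requested ?? 'welcome';
    // A page name is letters, digits, '_' or '-' only. That excludes '/', '.',
    // and the null byte, so traversal and suffix truncation are both refused.
    // Non-string input (e.g. ?file[]=x arrives as an array) is refused too.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . '/' . $name . '.html');
    if ($base === false || $path === false) {
        return null; // pages directory or requested page does not exist
    }
    // Defence in depth: after symlinks are resolved, the file must still
    // live under the pages directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a throwaway pages/ directory next to a solution.php.
$root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/welcome.html', '<h1>Welcome</h1>');
file_put_contents($root . '/solution.php', '<?php /* placeholder */');

// Constructed sample values for the "file" parameter.
$samples = [null, 'welcome', 'missing', '../solution.php', "../solution.php\0", ['welcome']];
foreach ($samples as $sample) {
    $path = resolve_page($root . '/pages', $sample);
    printf("%-28s => %s\n", json_encode($sample), $path === null ? 'rejected' : 'served');
}

// In a real handler: answer 404 when resolve_page() returns null, otherwise
// call readfile($path). readfile() outputs the bytes without executing them,
// whereas include runs any PHP the file contains.

// Remove the demo files.
unlink($root . '/pages/welcome.html');
unlink($root . '/solution.php');
rmdir($root . '/pages');
rmdir($root);
```

Only the default page and `welcome` are served; the missing page, both traversal strings and the array value are rejected. PHP 5.3.4 and later already refuse filesystem paths containing a null byte, so the suffix truncation only works on older runtimes, but the traversal itself still needs the name check.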