file inclution
0x01 low
观察get中page参数可变,尝试修改
看到回显内容
还可远程包含文件
0x02 medium
过滤了http和…/过滤
使用str_replace(array())将目标串替换为"",考虑双写绕过
在较新版本中双写绕过似乎有些困难
0x03 high
规定以file开头
考虑伪协议包含文件
file://协议
0x04 impossible
写死读file文件,考虑上传同名文件,可能会修改文件内容
0x05 Repair 修复
主要过滤包含的函数,包含也叫语言特性,一般语言都有
include(),require()和include_once(),require_once()
include一般用于无关紧要的地方,包含出错也能继续执行代码
require一般更推荐使用,包含失败会产生致命错误,代码执行被终止
$stringing = "include|require|include_once|require_once"; $suspects = explode("|",$stringing); //$punctuation = array("(",")","&","|","/","\\",";","file","data","filter"); //$suspects = array_merge($suspects,$punctuation); $allnull = array(); for ($i = 0;$i<count($suspects);$i += 1){ array_push($allnull,'Hacker'); } $count = 0; $file = str_replace($suspects,$allnull,$file,$count); if ($count>0){ die("no inclution, go out"); }
![[dvwa] xss stored](https://ucc.alicdn.com/pic/developer-ecology/ebi4wp2ql3fxg_f27886e65af942a6a2e0f08964376c8b.png?x-oss-process=image/resize,h_160,m_lfit)