-
-
// Insecure Include - // The following Include statement will
- // include and execute everything POSTed
- // to the server
include "php://input";
- ?>
-
Copy code
Example 2: Use data: to Include arbitrary code
-
-
// Insecure Include - // The following Include statement will
- // include and execute the base64 encoded
- // payload. Here this is just phpinfo()< ;/p>
include "data:;base64,PD9waHAgcGhwaW5mbygpOz8+";
- ?>
-
-
Copy the code
Put these into the operation and you will find that neither url_allow_fopen is Nor is url_allor_include guaranteed.
Just because filters rarely filter vectors. If you want to completely solve this URL include vulnerabilities method, you need to apply the Suhosin extension.
|