Home > Backend Development > PHP Tutorial > Application analysis of allow_url_include in php

Application analysis of allow_url_include in php

WBOY
Release: 2016-07-25 09:05:41
Original
992 people have browsed it
  1. // Insecure Include

  2. // The following Include statement will
  3. // include and execute everything POSTed
  4. // to the server

  5. include "php://input";

  6. ?>

Copy code

Example 2: Use data: to Include arbitrary code

  1. // Insecure Include

  2. // The following Include statement will
  3. // include and execute the base64 encoded
  4. // payload. Here this is just phpinfo()< ;/p>
  5. include "data:;base64,PD9waHAgcGhwaW5mbygpOz8+";

  6. ?>
Copy the code

Put these into the operation and you will find that neither url_allow_fopen is Nor is url_allor_include guaranteed. Just because filters rarely filter vectors. If you want to completely solve this URL include vulnerabilities method, you need to apply the Suhosin extension.



source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template