当前位置:WooYun(白帽子技术社区) >> php >> 一个php安全挑战
http://pastebin.com/hUcNJ1nr
<?php
/* Another PHP Security Challenge */
/* Title: Resurrection of a Vulnerability Class */
/* Exploit this and send your solution to [email protected] */
/* Assume the following: */
/* - latest PHP 5.4.3 */
/* - running as Apache 2 module */
/* - disable_functions = "" */
/* - open_basedir is set to the current directory */
/* - there is no writable directory reachable for the user Apache runs as */
/* - don't make assumptions about existing files */
/* Task: Execute e.g. phpinfo() */
/* Refuse to run unless allow_url_include is off. Only the exact strings "0" */
/* and "" are accepted; any other value aborts the request. With the setting */
/* off, PHP rejects URL-aware stream wrappers passed to include/require. */
$cfg = ini_get("allow_url_include");
if ($cfg !== "0" && $cfg !== "") {
die("Insecure server configuration");
}
/* The include target comes straight from the query string. Nothing here */
/* checks that the value is a string: PHP turns action[]=... into an array, */
/* so a hardened version would reject non-string input before inspecting it. */
if (isset($_GET['action'])) {
$action = $_GET['action'];
} else {
die("No action supplied...");
}
/* Blocklist filter: rejects the value when its first character is '/' or */
/* '\', or when ".." occurs anywhere in it. The first-character test uses */
/* loose == and runs without a length check, so an empty value raises a */
/* notice and still falls through. The filter describes what the path must */
/* NOT look like; it never establishes which file is allowed to load. */
if ($action[0] == '/' || $action[0] == '\\' || strpos($action, "..") !== FALSE) {
die("File inclusion attack blocked...");
}
/* Security-relevant sink: include runs whatever the resolved target contains */
/* as PHP code, and the target is caller-controlled apart from the two checks */
/* above. In production code the robust pattern is an allowlist: map a fixed */
/* set of action names to hard-coded script paths and reject everything else, */
/* instead of filtering path shapes. */
include $action;
?>