Training: PHP LFI (Exploit, PHP, Training)
PHP - Local File Inclusion
Your mission is to exploit this code, which has obviously an LFI vulnerability:
There is a lot of important stuff in ../solution.php, so please include and execute this file for us.
Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums
For debugging purposes, you may look at the whole source again, also as highlighted version.
PHP code$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;There is a lot of important stuff in ../solution.php, so please include and execute this file for us.
Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums
For debugging purposes, you may look at the whole source again, also as highlighted version.
The vulnerable script in action (pages/welcome.html)
Welcome to my site!
Dude, you got hacked by ZeroCool :D Contact me...
Thanks go out to minus for his alpha testing, great thoughts and motivation!
© 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 and 2018 by Gizmore