API tools faq
paste
Advertisement
ZaraByte

Local file inclusion example

ZaraByte
Apr 4th, 2012
185
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.50 KB | None | 0 0
raw download clone embed print report
  1. Example of vulnerable php code that will lead to Local file inclusion attacks.
  2.  
  3. if your not sure how to load pages using the vulnerable code:
  4. <a href="index.php?file=main.php">Home</a> You will need to add a folder called "pages" and store your php files in if you wanna make your own demo site for testing LFI attacks.
  5. - ZaraByte (www.zarabyte.com)
  6.  
  7. Code:
  8. <?php
  9. $file = $_GET['file'];
  10. if(isset($file))
  11. {
  12. include("pages/$file");
  13. }
  14. else
  15. {
  16. include("main.php");
  17. }
  18. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!