TechQA.

Bypass file extension on File Inclusion Attack

3.6k views Asked by At

I read a ethical hacking book and I should pass a exercise. In this exercise there is a php code like this:

<?php
    $page = $_GET['p'];
    include($page.".php");
?>

I must access passwd by appling file inclusion attack. I tried put %00 end of url and I can't.

php file-inclusion
Original Q&A
1

There are 1 answers

0
Evil_skunk On

The simple Null Byte Injection depends on the current server configuation. So maybe it's prevented because magic_quotes_gpc is turned On.

But there are other attack vectors too:

Related Questions in PHP

Related Questions in FILE-INCLUSION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions