TechQA.

LFI bypass of array method?

358 views Asked by At 
    <?php


    $v1 = array('delete.txt', 'undelete.txt');

    $filename = @$_GET['getfile'];

    if(isset($filename)) 
    {

    if (in_array($filename, $v1))
    {   
     include($filename);
    }

    else
    {
        include("index.php");
    }

    }


    ?>
    <html>
    <body>
    <title>
    Hack me</title>
    <link href="style.css" rel="stylesheet" type="text/css"/>

    <style>body {
        background-color: #C0C0C0;
    }
    </style>

    <table align="right"><td><a href="/dashboard/demoapp.php"><font size="5">Home</font></a></td></table>

    <img src="/dashboard/demo.jpg" width="500" height="100"><br><br><br>




</body>

    </html>

Is it possible to bypass this filter in LFI?

What I did here have I created an array and in that array, I allowed only two files. If in_array() did not find it it will include another one.

So Is it still vulnerable?

php file-inclusion
Original Q&A
0

There are 0 answers

Related Questions in PHP

Related Questions in FILE-INCLUSION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions