Username: 
Password: 
Restrict session to IP 
Questions  |  score: 2  |  1.46 3.72 3.44 |  Solved By 3761 People  |  120379 views  |  since Nov 12, 2010 - 00:38:05

PHP 0817 (PHP, Exploit)

PHP-0817
I have written another include system for my dynamic webpages, but it seems to be vulnerable to LFI.
Here is the code:
PHP code
<?php
if (isset($_GET['which']))
{
$which = $_GET['which'];
switch ($which)
{
case 0:
case 1:
case 2:
require_once $which.'.php';
break;
default:
echo GWF_HTML::error('PHP-0817', 'Hacker NoNoNo!', false);
break;
}
}
?>

Your mission is to include solution.php.
Here is the script in action: News, Forum, Guestbook.

Good Luck!
© 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 and 2018 by Gizmore