Username: 
Password: 
Restrict session to IP 
Questions  |  score: 2  |  Solved By 3475 People  |  113264 views  |  since Nov 12, 2010 - 00:38:05

PHP 0817 (PHP, Exploit)

PHP-0817
I have written another include system for my dynamic webpages, but it seems to be vulnerable to LFI.
Here is the code:
GeSHi`ed PHP code
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
<?php
if (isset($_GET['which']))
{
        $which = $_GET['which'];
        switch ($which)        {
        case 0:
        case 1:
        case 2:
                require_once $which.'.php';                break;
        default:
                echo GWF_HTML::error('PHP-0817', 'Hacker NoNoNo!', false);
                break;
        }}
?>

Your mission is to include solution.php.
Here is the script in action: News, Forum, Guestbook.

Good Luck!
© 2010, 2011, 2012, 2013, 2014, 2015, 2016 and 2017 by Gizmore