Questions  |  score: 2  |  1.61 3.79 3.50 |  Solved By 6152 People  |  205740 views  |  since Nov 12, 2010 - 00:38:05

PHP 0817 (PHP, Exploit)

PHP-0817
I have written another include system for my dynamic webpages, but it seems to be vulnerable to LFI.
Here is the code:
<?php
if (isset($_GET['which']))
{
        $which = $_GET['which'];
        switch ($which)
        {
        case 0:
        case 1:
        case 2:
                require_once $which.'.php';
                break;
        default:
                echo GWF_HTML::error('PHP-0817', 'Hacker NoNoNo!', false);
                break;
        }
}
?>

Your mission is to include solution.php.
Here is the script in action: News, Forum, Guestbook.

Good Luck!

PHP Warning(2): require_once(solution.php.php): failed to open stream: No such file or directory in /home/wechall/www/wc5/www/challenge/php0817/php0817.include line 10
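
A hardened form of the include check above, as an added example that is not part of the original challenge page: `switch` compares with loose `==`, so the three `case` labels do not restrict `$which` to the exact strings "0", "1" and "2" before it is concatenated into the path. `PAGE_DIR`, `ALLOWED`, `switch_accepts()` and `resolve_page()` are names assumed here, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical directory holding 0.php, 1.php and 2.php (not from the page).
const PAGE_DIR = __DIR__ . '/pages';
// Allowlist kept as string *values*: numeric-string array keys would be cast to int.
const ALLOWED = ['0', '1', '2'];

/** The page's check, reduced to a yes/no: does the switch reach require_once? */
function switch_accepts($which): bool
{
    switch ($which) {          // switch compares with loose ==
        case 0:
        case 1:
        case 2:
            return true;
        default:
            return false;
    }
}

/** Hardened check: returns the fixed path to include, or null to reject. */
function resolve_page($which): ?string
{
    // ?which[]=1 arrives as an array; anything that is not a string is rejected.
    if (!is_string($which)) {
        return null;
    }
    // Strict (===) membership: only the exact strings "0", "1", "2" pass.
    if (!in_array($which, ALLOWED, true)) {
        return null;
    }
    return PAGE_DIR . '/' . $which . '.php';
}

// Constructed sample inputs; "solution.php" is the value seen in the page's warning.
$samples = ['1', '01', '1.0', ' 2', '2abc', 'solution.php', ['1']];
foreach ($samples as $s) {
    printf(
        "%-16s switch=%-5s strict=%s\n",
        json_encode($s),
        var_export(switch_accepts($s), true),
        resolve_page($s) ?? 'rejected'
    );
}
```

Which samples the switch accepts depends on the PHP version, because PHP 8 changed how non-numeric strings compare with integers; the strict check gives the same answer on every version.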