Questions  |  score: 2  |  2.85 5.06 4.89 |  Solved By 2939 People  |  177609 views  |  since Oct 08, 2010 - 02:43:58

Training: PHP LFI (Exploit, PHP, Training)

PHP - Local File Inclusion
Your mission is to exploit this code, which obviously has an LFI vulnerability:

PHP code
$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;

There is a lot of important stuff in ../solution.php, so please include and execute this file for us.

Here are a few examples of the script in action (in the box below):

For debugging purposes, you may look at the whole source again, also as a highlighted version.
The vulnerable script in action (pages/welcome.html)

Welcome to my site!

Dude, you got hacked by ZeroCool :D Contact me...
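
For comparison with the vulnerable include shown above, here is a hardened variant of the same page loader. It is an added example, not part of the original challenge or its solution. The names PAGES_DIR and resolve_page() and the directory layout (a pages/ folder next to the script) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hardened variant of the challenge's page loader.
// Assumption: static pages live in ./pages next to this script.
const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map a user-supplied page name to a file directly inside PAGES_DIR.
 * Returns the canonical path, or null if the name is not acceptable.
 * (resolve_page is a hypothetical helper name.)
 */
function resolve_page(string $name): ?string
{
    // 1. Strict syntax check: no dots, slashes, NUL bytes or wrappers can pass.
    if (preg_match('/\A[a-z0-9_-]{1,32}\z/', $name) !== 1) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() returns false for missing files.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $name . '.html');
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment check on the resolved path (also catches symlinks
    //    inside pages/ that point somewhere else).
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// $_GET values can be arrays (?file[]=x), so check the type before use.
$requested = $_GET['file'] ?? 'welcome';
$page = is_string($requested) ? resolve_page($requested) : null;

if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}

// Static HTML is sent as data; unlike include, readfile() never hands
// the file's contents to the PHP interpreter.
readfile($page);
```

The original builds the path by string concatenation and passes it to include, so the request controls which file the interpreter executes. The variant validates the name, checks the resolved path, and only outputs the file.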

Thanks go out to minus for his alpha testing, great thoughts and motivation!
© 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 and 2018 by Gizmore