Username: 
Password: 
Restrict session to IP 
Questions  |  score: 2  |  2.89 5.18 4.91 |  Solved By 4531 People  |  264285 views  |  since Oct 08, 2010 - 02:43:58

Training: PHP LFI (Exploit, PHP, Training)

PHP - Local File Inclusion
Your mission is to exploit this code, which has obviously an LFI vulnerability:

GeSHi`ed PHP code
1
2
$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;


There is a lot of important stuff in ../solution.php, so please include and execute this file for us.

Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums

For debugging purposes, you may look at the whole source again, also as highlighted version.
The vulnerable script in action (pages/../../solution.php)
LFI
  • Well done. If you find a local file inclusion, usually the box can get hacked into within minutes.
WeChall
  • Your answer is correct. To keep track of your progress you need to register.
Thanks go out to minus for his alpha testing, great thoughts and motivation!
© 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 and 2021 by Gizmore