mmcoder
Sunday, July 21, 2013
LFI security code!!!
တျခားသူေတြကေတာ့ array နဲ႔ ေရးပါတယ္။ ဒီမွာေတာ့ ဖုိင္ရွိ၊ မရွိစစ္တဲ့ နည္းနဲ႔ေရးထားပါသည္။ LFI က page ေတြကုိ ခြဲထုတ္ေရးတဲ့ေနရာမွာေပါက္တာပါ။ ကြ်န္ေတာ္ေနာက္ပုိင္းက်လွ်င္ page management တစ္ခုတင္ေပးပါမယ္။ ဒီကုဒ္ေတြက php သမားပဲနားလည္လိမ့္မယ္ထင္ပါတယ္။
if (isset($_REQUEST['page'])) { if($_REQUEST['page'] !="") if(file_exists("posts/".$_REQUEST['page'].".php")) //$page_content = file_get_contents("posts/".$_REQUEST['page'].".php"); // $page= striptag $_REQUEST['page']; {$page_content = file_get_contents("pages/main.php"); } else header('location:index.php'); } else $_REQUEST['page'] = "body"; include("pages/main.php");
No comments:
Post a Comment
Newer Post
Older Post
Home
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment