Username: 
Password: 
Restrict session to IP 
Questions  |  score: 2  |  2.88 5.17 4.92 |  Solved By 4979 People  |  330096 views  |  since Oct 08, 2010 - 02:43:58

Training: PHP LFI (Exploit, PHP, Training)

PHP - Local File Inclusion
Your mission is to exploit this code, which has obviously an LFI vulnerability:

GeSHi`ed PHP code
1
2
$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;


There is a lot of important stuff in ../solution.php, so please include and execute this file for us.

Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums

For debugging purposes, you may look at the whole source again, also as highlighted version.
The vulnerable script in action (pages/welcome.html)

Welcome to my site!

Dude, you got hacked by ZeroCool :D Contact me...

Thanks go out to minus for his alpha testing, great thoughts and motivation!
© 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by Gizmore