Null Byte Injection
以前不知道,记下来。Perl PHP Null Byte Injectionrain.forest.puppy outlined in Phrack issue 55 the uses of NUL Byte Injection within Perl,and how these could be exploited. The results were very similar in PHP. An example of a NULL byte vulnerable PHP script is as follows: $file = $_GET['file']; require_once("/var/www/$file.php"); While the above script appears to be secured by forcing the ".php" file extension,it could be exploited as follows: The above NULL byte injection would result in the mandatory appended file extension (.php) to be dropped,and the /etc/passwd file to be loaded. Perl PHP Null Byte Injectionrain.forest.puppy outlined in Phrack issue 55 the uses of NUL Byte Injection within Perl,and the /etc/passwd file to be loaded. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |