Log in to the background management and create a new node in the collection management.
Add our URL with the attack code.
Then click collect.
Two methods are written in the source code:
If you have the curl extension, the curl_close function is used. If not, the file_get_contents function is used.
When processing the URL, only the first four characters of the URL are obtained by using the substr function, and whether they are "http" is judged. If so, it is considered checked.
Here, you can use a feature of PHP. When PHP encounters an unknown protocol, it throws a warning and sets the protocol to null. When the protocol is null or file, a local operation is carried out. By default, a local file operation is performed if the protocol is not passed or the protocol does not exist.
Therefore, we can use a custom protocol, such as httpxxx, which starts with http but can't be https.
We can try to read the /etc/passwd file
Then click collect
The file was read successfully
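One way to close the gap described in the report, shown as an added example that is not the project's own code: the four-character prefix check next to a strict scheme allowlist that must run before either fetch branch. The function names and sample URLs are constructed for illustration.

```php
<?php
// Added example, not taken from the project. Names and sample URLs are constructed.

// The check as the report describes it: only the first four characters are compared.
function weak_is_http(string $url): bool
{
    return strtolower(substr($url, 0, 4)) === 'http';
}

// Strict check: parse the URL and allowlist the exact scheme, so "httpxxx"
// can never reach file_get_contents() and fall back to a local file read.
function strict_is_http(string $url): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false; // malformed, relative, or scheme-less input
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Defence in depth for the curl branch: refuse other schemes at fetch time
// and on redirects, even if validation is bypassed elsewhere.
function hardened_curl_options(): array
{
    if (!extension_loaded('curl')) {
        return []; // the file_get_contents branch relies on strict_is_http() alone
    }
    return [
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RETURNTRANSFER  => true,
    ];
}

// Constructed sample inputs.
$samples = [
    'https://collector.example/feed.xml',
    'HTTP://collector.example/',
    'httpxxx://collector.example/feed.xml', // custom scheme from the report
    'http',                                 // bare prefix, no scheme separator
    '/etc/passwd',
];

foreach ($samples as $url) {
    printf("%-40s weak=%-5s strict=%s\n", $url,
        var_export(weak_is_http($url), true),
        var_export(strict_is_http($url), true));
}
```

The prefix check accepts the `httpxxx://` and bare `http` samples, while the allowlist accepts only the two real HTTP(S) URLs.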