Coppermine Photo Gallery
How To Protect Our PHP Script From LFI (Local File Include)



Hello everybody,

Today we will learn how to protect our PHP script from LFI (local file include).

Let's test this:

<?php
// Vulnerable: the file name is taken straight from the query string.
include($_GET["file"] . ".php");
?>

Oops, we get an error.

An attacker can exploit this to display the config file or other files.



First, we will add @ before the include function:

<?php
// Still vulnerable: @ only hides the error message, the include still runs.
@include($_GET["file"] . ".php");
?>


Now we see no error, but the code is still executed, because when we use the @ operator on a PHP expression, any error messages that expression might generate are ignored.

So what is the solution?

The solution is to use a function that strips the bad substrings from the request:

<?php
// Blacklist filter: remove known-bad substrings from the requested name
// (case-insensitively) before it is used in the include.
function LFI($get)
{
    // Note: the empty-string entry is ignored by str_ireplace.
    $bad = array("%", "", "../", "/", "../..", "base64", "<", ">", "php://");
    $get = str_ireplace($bad, '', $get);
    return $get;
}

@include(LFI($_GET["file"]) . ".php");
?>

The job is done: our PHP code is 100% safe.
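A caveat a practitioner would add to the blacklist above: str_ireplace only removes the substrings its author listed, so the filter is exactly as strong as that list. The more robust defence is an allowlist, where the user supplies only a short page name that is looked up in a fixed map, backed by a realpath() check that confines the include to one directory. The following is an added example, not code from the original post; the pages/ directory and the page names are assumptions.

```php
<?php
// Added example, not from the original post: an allowlist replaces the
// blacklist. The user never supplies a path, only a short name that is
// looked up in a fixed map, and the resolved file must live inside PAGE_DIR.
// "pages/" and the page names are assumptions for the example.

define('PAGE_DIR', __DIR__ . '/pages');

// Logical page name => file inside PAGE_DIR. Nothing else is ever included.
$PAGES = array(
    'home'    => 'home.php',
    'gallery' => 'gallery.php',
    'contact' => 'contact.php',
);

/**
 * Include the page mapped to $name. Returns true on success, false when the
 * request is refused. Refusals are silent: no error text reaches the client.
 */
function include_page($name, array $pages)
{
    // 1. Allowlist: the request must be a string that is exactly one of the keys
    //    (is_string also rejects file[]=... array requests before the lookup).
    if (!is_string($name) || !array_key_exists($name, $pages)) {
        return false;
    }

    // 2. Defence in depth: resolve symlinks and dot segments, then confirm the
    //    target still sits under PAGE_DIR before including it.
    $base   = realpath(PAGE_DIR);
    $target = realpath(PAGE_DIR . DIRECTORY_SEPARATOR . $pages[$name]);
    if ($base === false || $target === false
        || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }

    include $target;
    return true;
}

// Unknown or malformed requests fall back to the home page instead of a
// PHP warning that would disclose server paths.
$requested = isset($_GET['file']) ? $_GET['file'] : 'home';
if (!include_page($requested, $PAGES)) {
    include_page('home', $PAGES);
}
```

Because the include target is chosen from the map rather than built from the request, there is no string for a blacklist to miss, and the realpath check catches a misconfigured map entry or symlink pointing outside pages/.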