LFI

Example 1: PHP

Vulnerable Code:

phpCopy code<?php
include($_GET['file']);
?>

Reason for vulnerability: User input is directly included, allowing LFI.

Fixed Code:

phpCopy code<?php
$file = basename($_GET['file']);
include("/var/www/html/" . $file);
?>

Reason for fix: Sanitize user input and restrict to allowed directories.

Example 2: Python

Vulnerable Code:

pythonCopy code@app.route('/view')
def view():
    file = request.args.get('file')
    with open(file, 'r') as f:
        return f.read()

Reason for vulnerability: User input is directly used in the file path, allowing LFI.

Fixed Code:

pythonCopy code@app.route('/view')
def view():
    file = os.path.basename(request.args.get('file'))
    with open(os.path.join('/var/www/html', file), 'r') as f:
        return f.read()

Reason for fix: Sanitize user input and restrict to allowed directories.

PHP Example

Vulnerable Code:

phpCopy<?php
$page = $_GET['page'];
include($page . '.php');
?>

Reason for Vulnerability:

This code allows an attacker to include arbitrary files from the local filesystem.

Fixed Code:

phpCopy<?php
$allowed_pages = ['home', 'about', 'contact'];
$page = $_GET['page'];

if (!in_array($page, $allowed_pages)) {
    die('Invalid page');
}

include $page . '.php';
?>

Reason for Fix:

The fixed code uses a whitelist of allowed pages to prevent inclusion of arbitrary files.

PreviousPath Traversal NextRFI

Last updated 1 month ago