LFI
Example 1: PHP
Vulnerable Code:
phpCopy code<?php
include($_GET['file']);
?>Reason for vulnerability: User input is directly included, allowing LFI.
Fixed Code:
phpCopy code<?php
$file = basename($_GET['file']);
include("/var/www/html/" . $file);
?>Reason for fix: Sanitize user input and restrict to allowed directories.
Example 2: Python
Vulnerable Code:
pythonCopy code@app.route('/view')
def view():
file = request.args.get('file')
with open(file, 'r') as f:
return f.read()Reason for vulnerability: User input is directly used in the file path, allowing LFI.
Fixed Code:
pythonCopy [email protected]('/view')
def view():
file = os.path.basename(request.args.get('file'))
with open(os.path.join('/var/www/html', file), 'r') as f:
return f.read()Reason for fix: Sanitize user input and restrict to allowed directories.
PHP Example
Vulnerable Code:
phpCopy<?php
$page = $_GET['page'];
include($page . '.php');
?>Reason for Vulnerability:
This code allows an attacker to include arbitrary files from the local filesystem.
Fixed Code:
phpCopy<?php
$allowed_pages = ['home', 'about', 'contact'];
$page = $_GET['page'];
if (!in_array($page, $allowed_pages)) {
die('Invalid page');
}
include $page . '.php';
?>Reason for Fix:
The fixed code uses a whitelist of allowed pages to prevent inclusion of arbitrary files.
Last updated