RFI

PHP Example

Vulnerable Code:

phpCopy<?php
$template = $_GET['template'];
include($template);
?>

Reason for Vulnerability:

This code allows an attacker to include files from remote servers, potentially executing malicious code.

Fixed Code:

phpCopy<?php
$allowed_templates = ['header', 'footer', 'sidebar'];
$template = $_GET['template'];

if (!in_array($template, $allowed_templates)) {
    die('Invalid template');
}

include __DIR__ . '/templates/' . $template . '.php';
?>

Reason for Fix:

The fixed code uses a whitelist of allowed templates and includes files from a specific local directory, preventing RFI.

Example 1: PHP

Vulnerable Code:

phpCopy code<?php
include($_GET['url']);
?>

Reason for vulnerability: User input is directly included, allowing RFI.

Fixed Code:

phpCopy code<?php
$url = filter_var($_GET['url'], FILTER_VALIDATE_URL);
if ($url && parse_url($url, PHP_URL_HOST) == 'trusted.com') {
    include($url);
} else {
    die('Invalid URL');
}
?>

Reason for fix: Validate and restrict URLs to trusted domains.

Example 2: Python

Vulnerable Code:

pythonCopy [email protected]('/fetch')
def fetch():
    url = request.args.get('url')
    response = requests.get(url)
    return response.text

Reason for vulnerability: User input is directly used in the URL, allowing RFI.

Fixed Code:

pythonCopy [email protected]('/fetch')
def fetch():
    url = request.args.get('url')
    if not is_valid_url(url):
        abort(400)
    response = requests.get(url)
    return response.text

Reason for fix: Validate and restrict URLs to trusted domains.

PreviousLFI NextPrototype Pollution

Last updated 1 year ago