1
2
3
4
5
6

<?php

// The page we wish to display
$file = $_GET[ 'page' ];

?>

1
2
3

Warning: include(iviirjgiegij): failed to open stream: No such file or directory in D:\phpstudy_pro\WWW\DVWA-master\vulnerabilities\fi\index.php on line 36

Warning: include(): Failed opening 'iviirjgiegij' for inclusion (include_path='.;C:\php\pear;../../external/phpids/0.6/lib/') in D:\phpstudy_pro\WWW\DVWA-master\vulnerabilities\fi\index.php on line 36

1

..\..\hackable\flags\fi.php

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

<?php

// The page we wish to display
$file = $_GET[ 'page' ];

// Input validation
$file = str_replace( array( "http://", "https://" ), "", $file );
// 使用str_replace函数移除$file字符串中所有的"http://"和"https://"子串。
$file = str_replace( array( "../", "..\"" ), "", $file );
// 继续使用str_replace函数，这次移除$file中所有向上一级目录的路径指示符，无论是"../"还是"..\"（考虑到不同操作系统的路径分隔符）。

?>

1

..././..././hackable/flags/fi.php

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

<?php

// The page we wish to display
$file = $_GET[ 'page' ];

// Input validation
// 使用fnmatch函数检查$file是否匹配模式"file*"
// fnmatch用于实现shell风格的通配符匹配，这里的"file*"会匹配以"file"开头的任何字符串。
if( !fnmatch( "file*", $file ) && $file != "include.php" ) {
    // This isn't the page we want!
    echo "ERROR: File not found!";
    exit;
}

?>

1

file:///D:\phpstudy_pro\WWW\DVWA-master\hackable\flags\fi.php

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

<?php

// The page we wish to display
$file = $_GET[ 'page' ];

// Only allow include.php or file{1..3}.php
if( $file != "include.php" && $file != "file1.php" && $file != "file2.php" && $file != "file3.php" ) {
    // This isn't the page we want!
    echo "ERROR: File not found!";
    exit;
}

?>