锟斤拷锟斤拷 PHP 锟斤拷锟侥硷拷系统锟斤拷锟斤拷锟角伙拷锟斤拷 C 锟斤拷锟皆的猴拷锟斤拷锟侥o拷锟斤拷锟斤拷锟斤拷锟斤拷锟杰伙拷锟斤拷锟斤拷锟斤拷锟诫不锟斤拷锟侥凤拷式锟斤拷锟斤拷 Null 锟街凤拷锟斤拷 Null锟街凤拷锟斤拷 C 锟斤拷锟斤拷锟斤拷锟斤拷锟节憋拷识锟街凤拷锟斤拷锟斤拷锟斤拷锟斤拷一锟斤拷锟斤拷锟斤拷锟斤拷锟街凤拷锟斤拷锟角达拷锟戒开头锟斤拷锟斤拷锟斤拷 Null 锟街凤拷为止锟斤拷 锟斤拷锟铰达拷锟斤拷锟斤拷示锟斤拷锟斤拷锟狡的癸拷锟斤拷锟斤拷
Example #1 锟结被 Null 锟街凤拷锟斤拷锟解攻锟斤拷锟侥达拷锟斤拷
<?php
$file = $_GET['file']; // "../../etc/passwd\0"
if (file_exists('/home/wwwrun/'.$file.'.php')) {
// file_exists will return true as the file /home/wwwrun/../../etc/passwd exists
include '/home/wwwrun/'.$file.'.php';
// the file /etc/passwd will be included
}
?>
锟斤拷耍锟斤拷魏锟斤拷锟斤拷诓锟斤拷锟斤拷募锟较低筹拷锟斤拷址锟斤拷锟斤拷锟斤拷锟阶拷锟斤拷乇锟斤拷浅锟斤拷锟斤拷獠匡拷锟斤拷锟斤拷锟街凤拷锟斤拷锟斤拷锟斤拷锟斤拷锟诫经锟斤拷锟绞碉拷锟侥硷拷椤o拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷拥母慕锟斤拷姹撅拷锟�
Example #2 锟斤拷证锟斤拷锟斤拷锟斤拷锟饺凤拷锟斤拷锟�
<?php
$file = $_GET['file'];
// 锟斤拷锟街凤拷锟斤拷锟斤拷锟叫帮拷锟斤拷锟斤拷锟斤拷锟�
switch ($file) {
case 'main':
case 'foo':
case 'bar':
include '/home/wwwrun/include/'.$file.'.php';
break;
default:
include '/home/wwwrun/include/main.php';
}
?>