Hello everyone,
I'm actually working on an IT security awareness course by creating a little website with a lot of security holes (SQL injection / XSS / session handling / information leakage / local file inclusion / path traversal...).
I also wanted to add an inclusion vulnerability using the null byte (%00). Here is an example of what I want to do:
test.php
<?php
include '/'.$_GET['page'].'.php';
?>
So I send the following data through GET: [localhost]
Normally, this should dump the content of the pass file, but I get the following error: Warning: include() [function.include]: Failed opening '/admin/pass'
The path is right, the file exists and there is no problem on this side, as this code is working:
<?php
include '/admin/pass';
?>
Which dumps me the content of the pass file.
Are there any PHP or Apache options on WAMP I should remove to make this vulnerability work?
Thanks for your help.
Regards,
asdfgh
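
For the course material, the hardened counterpart of test.php above, as an added example that is not part of the original post: it never hands `$_GET['page']` to `include` directly, rejects NUL bytes and path separators, and checks that the resolved file stays inside one pages directory. `resolve_page()`, `PAGES_DIR`, the `pages` directory and the sample inputs are hypothetical names and constructed values.

```php
<?php
// Added example: hardened counterpart of test.php.
// PAGES_DIR and resolve_page() are hypothetical names, not from the post.
const PAGES_DIR = __DIR__ . '/pages';

// Returns the absolute path of an includable page, or null if rejected.
function resolve_page($requested, $baseDir = PAGES_DIR)
{
    // Reject non-strings (e.g. ?page[]=x) and any NUL byte outright.
    if (!is_string($requested) || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept only a plain page name: no slashes, dots or other separators.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $requested)) {
        return null;
    }
    // Resolve symlinks and relative parts; realpath() is false if missing.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the resolved file must live under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// In the web page itself the call would look like:
//   $page = resolve_page(isset($_GET['page']) ? $_GET['page'] : 'home');
//   if ($page === null) { http_response_code(404); exit; }
//   include $page;

// Command-line demonstration on constructed inputs.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/pages_demo_' . getmypid();
    @mkdir($dir);
    file_put_contents($dir . '/home.php', "<?php echo 'home';\n");
    foreach (array('home', "admin/pass\0", '../admin/pass', 'missing') as $input) {
        $path = resolve_page($input, $dir);
        printf("%-22s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
            $path === null ? 'rejected' : 'include ' . $path);
    }
    unlink($dir . '/home.php');
    rmdir($dir);
}
```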