How to avoid a File Inclusion vulnerability?


Folks, using a vulnerability scanning tool, a File Inclusion vulnerability was found in the following code:

// The first path segment is looked up in an allowlist before it is used,
// so only one of the fixed page names below ever reaches include_once.
$url = (isset($_GET['url'])) ? htmlentities(strip_tags($_GET['url'])) : '';
$parametros = explode('/', $url);
$paginas_permitidas = array('pedidos','novo_ticket','tickets_abertos','tickets_fechados','ticket','perfil','detalhes','categorias');

if($url == ''){
    include_once "../../pages/home.php";
}elseif(in_array($parametros[0], $paginas_permitidas)){
    // $parametros[0] is one of the allowlisted names above
    include_once "../../pages/".$parametros[0].'.php';
}elseif($parametros[0] == 'categoria'){
    // the remaining segments only select between two fixed files;
    // they are never used to build a path
    if(isset($parametros[1]) && !isset($parametros[2])){
        include_once "../../pages/categoria.php";
    }elseif(isset($parametros[2])){
        include_once "../../pages/subcategoria.php";
    }
}else{
    include_once "../../pages/erro404.php";
}


// This code also triggers a File Inclusion alert


if(!isset($_GET['pagina']) || $_GET['pagina'] == ''){
    include_once "../../../pages/home.php";
}else{
    // strip_tags() only removes HTML tags; it leaves "/" and ".." untouched,
    // so a value such as "../../config" still becomes
    // "../../../pages/../../config.php", i.e. any .php file reachable from
    // the pages directory can be included (on PHP < 5.3.4 a NUL byte could
    // also truncate the ".php" suffix).
    $pagina = strip_tags($_GET['pagina']);

    // file_exists() only checks that the file exists, not where it is.
    if(file_exists('../../../pages/'.$pagina.'.php')){
        include_once "../../../pages/$pagina".'.php';

    }else{
        // "Sorry, but the page you are looking for does not exist!"
        echo '<div class="alert alert-danger">
              <strong>Desculpe mas a pagina que você procura, não existe!</strong>
              </div>';
    }
}

A friend suggested using the following code as a basis:

// $file is the requested page name (the snippet assumes it has already been
// assigned) and Functions::__error is a helper from the friend's code base.
$path_parts = pathinfo(dirname(__FILE__) . "/{$file}.php");
// pathinfo()['filename'] keeps only the base name without extension, so any
// directory part of $file ("../", "/etc/") is discarded here ...
$str = "{$path_parts['filename']}.php";
// ... and the resulting name is looked up relative to the current directory.
(file_exists($str)) ? require_once($str) : exit(Functions::__error("ERROR OPEN FILE: {$str}"));

However, I tried putting it into my system, but as I don't have much programming experience, can anyone help me or give a hint on how to implement the above code so that the vulnerability is eliminated?

asked by anonymous 20.06.2016 / 20:12
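As an added example, not the asker's code or the friend's snippet, here is a hardened replacement for the second block (the $_GET['pagina'] include). It keeps the allowlist idea from the first block and adds a realpath() containment check on top of it; the pages directory, the page names and the demo files it creates in the temp directory are assumptions made for illustration.

```php
<?php
// Added example (not the asker's code nor the friend's): a hardened
// replacement for the "$_GET['pagina']" include. The pages directory, the
// page names and the demo files are assumptions made for illustration.
//
// Defences, in order:
//   1. the page name must be one short alphanumeric token (no "/", ".", NUL,
//      no "php://" wrapper) and must be on the allowlist;
//   2. the include path is built from a fixed directory and a fixed ".php";
//   3. realpath() of the result must sit directly inside that directory
//      (defence in depth against symlinks or an allowlist mistake).

function resolve_page($pagina, $pages_dir, array $allowed)
{
    // ?pagina[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($pagina) || !preg_match('/^[a-z0-9_]{1,32}$/', $pagina)) {
        return null;
    }
    // Strict comparison: the value must equal one of the allowlisted strings.
    if (!in_array($pagina, $allowed, true)) {
        return null;
    }
    $base      = realpath($pages_dir);
    $candidate = realpath($pages_dir . DIRECTORY_SEPARATOR . $pagina . '.php');
    if ($base === false || $candidate === false) {
        return null;   // directory missing, or page listed but file absent
    }
    // Containment: the resolved file's parent must be exactly the base dir.
    if (dirname($candidate) !== $base) {
        return null;
    }
    return $candidate;
}

function render_page($pagina, $pages_dir, array $allowed)
{
    $file = resolve_page($pagina, $pages_dir, $allowed);
    if ($file === null) {
        // Same wording as the original error, without echoing the input back.
        return '<div class="alert alert-danger"><strong>Desculpe mas a pagina '
             . 'que você procura, não existe!</strong></div>';
    }
    ob_start();
    include $file;          // $file is a realpath() inside $pages_dir
    return ob_get_clean();
}

// Constructed demo: a throwaway pages directory with three page files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/home.php',   '<?php echo "home page";');
file_put_contents($dir . '/ticket.php', '<?php echo "ticket page";');
file_put_contents($dir . '/secret.php', '<?php echo "NOT ALLOWLISTED";');

$allowed = array('home', 'ticket', 'perfil');   // 'perfil' has no file on disk

$inputs = array(
    'home', 'ticket', 'perfil', 'secret', 'HOME',
    '../../../etc/passwd', "home\0", 'home.php',
    'php://filter/convert.base64-encode/resource=home',
);
foreach ($inputs as $in) {
    $file = resolve_page($in, $dir, $allowed);
    printf("%-55s => %s\n", json_encode($in),
           $file === null ? 'rejected' : 'include ' . basename($file));
}
echo render_page('ticket', $dir, $allowed), "\n";   // "ticket page"
echo render_page('secret', $dir, $allowed), "\n";   // the "não existe" alert

foreach (glob($dir . '/*.php') as $f) { unlink($f); }
rmdir($dir);
```

Only "home" and "ticket" are included; "secret" exists on disk but is not allowlisted, "perfil" is allowlisted but has no file, and every traversal, NUL-byte, wrapper or extension-carrying input is rejected by the regex before a path is ever built. The realpath() check is deliberately redundant with the allowlist: if someone later adds a name to the list by mistake, or a page file is replaced by a symlink pointing outside the directory, the include still does not happen.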

1 answer


Understanding File Inclusion

Local file inclusion (also known as LFI) is the process of including files that are already present locally on the server, by exploiting vulnerable inclusion procedures implemented in the application. This vulnerability occurs, for example, when a page receives as input the path to the file that should be included and this input is not properly protected, allowing directory traversal attacks to be injected.

In other words, attacks usually occur on the include() that is not properly protected.

After all, what are the ways to protect against File Inclusion?

There are several ways for a hacker to get hold of your information, because no system is completely secure; for example, some hackers even use Google dorking to find sites that are vulnerable to attack.

Well, there are a number of ways to prevent attacks via include().

Some of them are:

- Never use arbitrary input data in a literal file include request.
- Use a filter to thoroughly sanitize input parameters against possible file inclusions.
- Create a whitelist for File Inclusion.
- Reject file names that contain ".", "..", or "/" (or "\" on Windows).
- Limit file names to basic alphanumeric characters.
- Prepend the include directory name and append the appropriate extension.

Here is an example of a whitelist, to avoid file inclusion and code injection:

  // Only the names listed here can ever be turned into a file name.
  $whitelist = array('home', 'page');

  // Read the parameter without a notice when it is absent.
  $page = isset($_GET['page']) ? $_GET['page'] : '';

  // Strict comparison (third argument): the value must be exactly one of the
  // strings above; the include path is only built after that check passes.
  if (in_array($page, $whitelist, true)) {
        include($page.'.php');
  } else {
        include('home.php');
  }


NOTE: Be sure to check that the page is on the whitelist

Using friendly URLs

A friendly URL is a web address that is easy to read and includes words that describe the content of the page. This type of URL can be "friendly" in two ways:

1) It can help visitors remember the web address.

2) It can help describe the page to search engines.

Creating a friendly URL

To create one you will need to go into .htaccess and put the following code:

1st way to do it

  RewriteEngine on
  # In a per-directory .htaccess the path is matched without its leading "/",
  # so the pattern starts at "news/" ("^/news/" only matches in httpd.conf);
  # the trailing "$" stops "news/63.htmlXYZ" from matching as well.
  RewriteRule ^news/([0-9]+)\.html$ /news.php?news_id=$1

And this maps

/news.php?news_id=63

To

/news/63.html

2nd way to do it

  Options +FollowSymLinks
  RewriteEngine on

  # "suaPaginaPhp" is a placeholder for your PHP page. Everything after the
  # slash becomes the "u" parameter; the first rule handles a trailing slash,
  # the second the same URL without it. The PHP side must then validate "u"
  # (whitelist) instead of using it as a file name.
  RewriteRule suaPaginaPhp/(.*)/ suaPaginaPhp.php?u=$1
  RewriteRule suaPaginaPhp/(.*) suaPaginaPhp.php?u=$1

If you'd like to see other ways to protect yourself against this vulnerability, take a look at this article.

20.06.2016 / 20:47
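As an added example, not part of the answer, here is how the PHP side of the second rewrite rule (suaPaginaPhp.php?u=...) can turn the friendly URL into an include without ever using the URL as a path: the first segment is only a key into a fixed route table, and the remaining segments are validated as numeric ids. The route table, the page files and the id format are assumptions chosen to mirror the asker's URL scheme (pedidos, ticket, categoria/id, categoria/id/sub).

```php
<?php
// Added example, not code from the answer or from the asker's application:
// a front controller for
//     RewriteRule suaPaginaPhp/(.*) suaPaginaPhp.php?u=$1
// The route table, page files and parameter names are assumptions.
//
// The string from the URL never becomes a path. Its first segment is a key
// into a fixed table; the other segments must match a per-parameter regex
// and are handed to the page as data, not as file names.

$ID = '/^[0-9]{1,10}$/';   // constructed: numeric ids only

$routes = array(
    // key => list of candidates (file to include, ordered parameter specs)
    'pedidos'   => array(array('file' => 'pedidos.php',   'params' => array())),
    'ticket'    => array(array('file' => 'ticket.php',    'params' => array('id' => $ID))),
    'categoria' => array(
        array('file' => 'categoria.php',    'params' => array('categoria_id' => $ID)),
        array('file' => 'subcategoria.php', 'params' => array('categoria_id'    => $ID,
                                                              'subcategoria_id' => $ID)),
    ),
);

// Returns array(file, params) or null when nothing matches (caller shows 404).
function route($u, array $routes)
{
    if (!is_string($u)) {            // ?u[]=x would arrive as an array
        return null;
    }
    $segments = array_values(array_filter(explode('/', $u), 'strlen'));
    if (count($segments) === 0) {
        return array('home.php', array());
    }
    $key = array_shift($segments);
    if (!isset($routes[$key])) {     // unknown key: "..", "etc", "php:" ...
        return null;
    }
    foreach ($routes[$key] as $candidate) {
        $specs = $candidate['params'];
        if (count($specs) !== count($segments)) {
            continue;                // wrong number of segments, try the next one
        }
        $params = array();
        $i = 0;
        foreach ($specs as $name => $regex) {
            if (!preg_match($regex, $segments[$i])) {
                continue 2;          // segment is not a valid id
            }
            $params[$name] = (int) $segments[$i];
            $i++;
        }
        return array($candidate['file'], $params);
    }
    return null;
}

function dispatch($u, array $routes, $pages_dir)
{
    $match = route($u, $routes);
    if ($match === null) {
        $match = array('erro404.php', array());
    }
    list($file, $params) = $match;
    // $file comes from the table, never from $u; $params are validated ints.
    include $pages_dir . '/' . $file;
}

// Constructed demo of the routing decision only (no files are included).
$examples = array('', 'pedidos', 'pedidos/', 'ticket/42', 'ticket/42abc',
                  'categoria/3', 'categoria/3/7', 'categoria/3/7/9',
                  '../../etc/passwd', 'ticket/../../config');
foreach ($examples as $u) {
    $m = route($u, $routes);
    printf("%-22s => %s\n", var_export($u, true),
           $m === null ? '404' : $m[0] . ' ' . json_encode($m[1]));
}
```

"ticket/42" resolves to ticket.php with id 42 and "categoria/3/7" to subcategoria.php with both ids, while "ticket/42abc", "../../etc/passwd" and "ticket/../../config" all end in the 404 page: the first segment either is a table key or it is not, and no string from the request is ever concatenated into the include path. With this in place the rewrite rule's "(.*)" can also be tightened to "([a-z0-9_/]*)" so that traversal characters never even reach PHP.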