
@berwiecom
Created June 25, 2024 01:43

XSS vulnerability

Activate allow_url_fopen = On in php.ini

Still hazardous. Try HTML Purifier: http://htmlpurifier.org

Alternate method: cURL

https://sebhastian.com/php-filegetcontents-not-working/

```php
$ch = curl_init();
$url = "https://example.com";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); # set cURL to return as a string
$output = curl_exec($ch);
curl_close($ch);
```

OR:

https://stackoverflow.com/a/75116379

OR:

https://stackoverflow.com/a/74813425

OR:

https://stackoverflow.com/a/5402193

OR:

https://stackoverflow.com/a/71534712

trim + parse https://stackoverflow.com/a/11935969

timeout https://stackoverflow.com/a/59895823

and urlencode the URL https://stackoverflow.com/a/697498

and include User-Agent https://stackoverflow.com/a/45930689

User-Agent + HTTP header, timeout, https://stackoverflow.com/a/77989845
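The notes above (cURL instead of `file_get_contents()`, timeout, User-Agent, trim, and HTML Purifier for the XSS risk) combined into one sketch. This is an added example, not code from the gist or the linked answers. It assumes the hazard is a fetched response being echoed into a page; `fetch_url()`, `render_untrusted()` and the User-Agent string are hypothetical names.

```php
<?php
// Added example: fetch with cURL, then neutralise the response before output.

function fetch_url(string $url, int $timeout = 10): string
{
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,                  // return body as a string
        CURLOPT_CONNECTTIMEOUT => 5,                     // seconds to connect
        CURLOPT_TIMEOUT        => $timeout,              // seconds for the whole transfer
        CURLOPT_USERAGENT      => 'example-fetcher/1.0', // placeholder value
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // no file://, gopher://, ...
        CURLOPT_FOLLOWLOCATION => false,                 // do not follow redirects silently
    ]);
    $body = curl_exec($ch);
    $err  = curl_error($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);

    if ($body === false || $code < 200 || $code >= 300) {
        throw new RuntimeException("fetch failed (HTTP $code): $err");
    }
    return $body;
}

function render_untrusted(string $body, bool $allowHtml = false): string
{
    if ($allowHtml) {
        // Keep a safe subset of markup; requires the HTML Purifier library to be loaded.
        if (!class_exists('HTMLPurifier')) {
            throw new RuntimeException('HTML Purifier is not loaded');
        }
        $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
        return $purifier->purify($body);
    }
    // Default: treat the response as plain text and encode every HTML metacharacter.
    return htmlspecialchars(trim($body), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample body standing in for a remote response, so this runs offline.
$sample = "  <p>hello</p><script>alert(1)</script>\n";
echo render_untrusted($sample), PHP_EOL;

// With network access: echo render_untrusted(fetch_url('https://example.com'));
```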

Info / Tip

Fail2Ban blocks server doing 'file_get_contents() requests'
