Username: 
Password: 
Restrict session to IP 
Questions  |  score: 2  |  1.60 3.79 3.49 |  Solved By 6192 People  |  209160 views  |  since Nov 12, 2010 - 00:38:05

PHP 0817 (PHP, Exploit)

PHP-0817
I have written another include system for my dynamic webpages, but it seems to be vulnerable to LFI.
Here is the code:
GeSHi`ed PHP code
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
<?php
if (isset($_GET['which']))
{
        $which = $_GET['which'];
        switch ($which)        {
        case 0:
        case 1:
        case 2:
                require_once $which.'.php';                break;
        default:
                echo GWF_HTML::error('PHP-0817', 'Hacker NoNoNo!', false);
                break;
        }}
?>

Your mission is to include solution.php.
Here is the script in action: News, Forum, Guestbook.

Good Luck!
Hello Guest, welcome to the news page.
© 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by Gizmore