Menu
This is my code
$file = $_GET['file'];
include "$file.html";
When I pass a URL like this:
test.php?file=sample.php%00,
the file sample.php should be included because of the null byte injection. But instead I'm getting an error:
Failed opening 'sample.php' for inclusion.
I have checked the file path and also tried giving it the absolute path.
I am using PHP version 5.3.8 on Windows. What is it that I am missing here? Thanks
576
asked Apr 08 '26 22:04
The null byte string vulnerability was fixed as of 5.3.4. That's why it's not working on your 5.3.8.
174
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
