PHP Wrappers

PHP wrappers are additional code that tells the stream how to handle specific protocols/encodings. There are about 12 different php wrappers and additional custom wrappers can also be introduced. You can read about these wrappers from here.

PHP wrappers can greatly help to exploit Local File Inclusion(LFI) vulernability in cases where the server has checks to prevent LFI.

The following is an example of including code into a file reading step within a php page,

http://192.168.1.1/pricelist.php?file=data:text/plain,<?php echo shell_exec("dir") ?>

Now, in this manner code can be introduced to either read a local file or to access a file from a remote server through HTTP.

PreviousRemote File InclusionNextSQL Injection

Last updated