README.md
Rendering markdown...
<?php
/**
* VULNERABLE CODE SNIPPET
*
* File: includes/html/pages/device/nfsen.inc.php
* Lines: 42-50
*
* This file is provided for reference only.
* Original source: LibreNMS (https://github.com/librenms/librenms)
*/
// Lines 42-50 from nfsen.inc.php
// ================================
if (! $vars['nfsen']) {
$vars['nfsen'] = 'general';
}
// VULNERABLE: $vars['nfsen'] comes from user input ($_GET/$_POST)
// and is used directly in include() without sanitization
if (is_file('includes/html/pages/device/nfsen/' . $vars['nfsen'] . '.inc.php')) {
include 'includes/html/pages/device/nfsen/' . $vars['nfsen'] . '.inc.php';
} else {
include 'includes/html/pages/device/nfsen/general.inc.php';
}
/**
* ATTACK EXAMPLE:
*
* Normal request:
* $vars['nfsen'] = 'general'
* include('includes/html/pages/device/nfsen/general.inc.php')
*
* Malicious request:
* $vars['nfsen'] = '../../api-access'
* include('includes/html/pages/device/nfsen/../../api-access.inc.php')
* = include('includes/html/pages/api-access.inc.php')
*/