-include-..-2f..-2f..-2f..-2froot-2f

After normalization, this resolves to /etc/passwd. The server then includes that file – and if the include function is not restricted to PHP files only, the contents of /etc/passwd may be disclosed.

Do not run the web server as root. Use a dedicated user (e.g., www-data) with minimal filesystem permissions. Even if an LFI vulnerability exists, the attacker cannot read /root/ if the web server user has no access to it. That’s why many LFI attacks target /etc/passwd instead – it’s world‑readable.

Path traversal occurs when an application accepts user input and passes it to a file system API without sufficient sanitization.

The Vulnerable Scenario

or similar function in its source code to dynamically load content based on user input. : This is a URL-encoded version of . In file systems, is the command to "move up one directory." Redundancy ( ..-2F..-2F..-2F..-2F -include-..-2F..-2F..-2F..-2Froot-2F

The web server user should have no access to /root/, /etc/shadow, or configuration files containing secrets. Use chmod and chown to lock down permissions.

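```php
$allowed_pages = ['home', 'about', 'contact'];
$page = $_GET['page'] ?? '';

// Strict comparison: only exact string matches from the allowlist are included
if (in_array($page, $allowed_pages, true)) {
    include("/var/www/html/pages/" . $page . ".php");
} else {
    include("error.php");
}
```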

```php
$base_dir = '/var/www/html/includes/';
$user_input = $_GET['file'] ?? '';

// Resolve the absolute path
$real_path = realpath($base_dir . $user_input);

// Verify the file exists and resides within the allowed base directory
if ($real_path !== false && strpos($real_path, $base_dir) === 0) {
    include($real_path);
} else {
    die("Access Denied: Invalid File Path.");
}
```

3. Apply the Principle of Least Privilege

An attacker submits the payload via a URL parameter, form field, or HTTP header.

The keyword -include-..-2F..-2F..-2F..-2Froot-2F is interesting because it uses hyphens as separators instead of percent signs. While standard URL encoding uses %2F, attackers constantly innovate to evade detection. Security tools that look for simple patterns like ../ or %2e%2e%2f might miss hyphen-delimited representations if the input is not properly normalized. This highlights the importance of converting all input to a standard, decoded form before validation.
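The normalize-then-validate order described above, as an added example that is not part of the original page: a raw pattern match is compared with a check on the canonical form. The function names, the sample inputs and the choice to treat -2E, -2F and -5C as escapes are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: "-2E", "-2F" and "-5C" are treated as alternative escapes for
# ".", "/" and "\", matching the "-2F" form in the keyword discussed above.
HYPHEN_HEX = re.compile(r"-(2[eEfF]|5[cC])")


def naive_check(value: str) -> bool:
    """Pattern match on the raw input, as a simple filter would."""
    lowered = value.lower()
    return "../" in lowered or "%2e%2e%2f" in lowered


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Decode %XX and hyphen-hex escapes until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        decoded = HYPHEN_HEX.sub(lambda m: chr(int(m.group(1), 16)), decoded)
        decoded = decoded.replace("\\", "/")
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """Validate the canonical form: any '..' path segment is rejected."""
    return ".." in canonicalize(value).split("/")


def escapes_base(base: str, value: str) -> bool:
    """Lexical check (no symlink resolution) that the joined path leaves base."""
    base = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base, canonicalize(value)))
    return joined != base and not joined.startswith(base + "/")


# Constructed sample inputs; the last is the keyword from this page.
SAMPLES = ["home", "../../etc/passwd", "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
           "-include-..-2F..-2F..-2F..-2Froot-2F"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_check(s)} canonical={has_traversal(s)} "
              f"escapes={escapes_base('/var/www/html/pages', s)}")
```

The lexical check here is only suitable for filtering and logging; the realpath() comparison in the PHP code remains the control that decides what is actually included.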

The final part of the payload, root-2F, translates to root/. The attacker is attempting to navigate directly into the root user's home directory or the topmost logical directory of the operating system to find sensitive configuration files, cryptographic keys, or system logs.

How Path Traversal Exploitation Works

In web development, it's common to interact with the file system to serve files, read configurations, or perform other operations. However, improperly handling file paths can lead to security vulnerabilities, such as Path Traversal attacks.

Successful exploitation of a path traversal vulnerability using this pattern can lead to:

Attackers can read sensitive system files such as /etc/passwd on Linux or C:\boot.ini on Windows, exposing user accounts and system configurations.

The repeated ../ sequences break out of the intended web root directory (e.g., /var/www/html/).