Secure Pages
Easy, Secure Coding
Overview
SCENARIO
A PHP-based web application dynamically includes pages based on a user-controlled query parameter. The navigation system allows users to switch between different sections of the site such as Home, About, Contact, and Dishes.
However, the page selection logic directly constructs file paths from user input without proper validation, potentially allowing unintended file access outside the intended directory structure.
OBJECTIVE
Analyze the file inclusion logic, identify how user input influences file paths, and determine how directory traversal vulnerabilities can occur and be mitigated using secure PHP configuration practices.
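The pattern described in the scenario next to a hardened form, as an added example that is not the challenge's own code. The `page` parameter name, the `pages/` directory and the file names are assumptions.

```php
<?php
// Added example. Parameter name "page", directory pages/ and file names are assumed.

// Pattern from the scenario: the include path is built straight from user input.
function resolve_page_unsafe(string $requested): string
{
    return __DIR__ . '/pages/' . $requested . '.php';
}

// Hardened form: fixed allowlist, then a realpath() containment check.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
    'dishes'  => 'dishes.php',
];

function resolve_page(string $requested, string $baseDir): ?string
{
    // Only keys of the fixed map are accepted; user input never becomes part of the path.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // realpath() returns false for missing files and resolves symlinks and ".." segments.
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must still sit inside the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// A query parameter can arrive as an array; fall back to the default page in that case.
$requested = $_GET['page'] ?? 'home';
$requested = is_string($requested) ? $requested : 'home';

$file = resolve_page($requested, __DIR__ . '/pages');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

At the configuration level, `open_basedir` and `allow_url_include = Off` in php.ini limit what an include can reach even when an application-level check is missed.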
Infrastructure: PHP Web Application
Provided Files: Provided via web interface
Flag Format: Flag{}
Job Positions
Application Security Engineer
Tags
Input Validation, Sanitization, Code Review, OWASP Top 10, Input Filtering