WeChall_PHP 0817 (PHP, Exploit)

I have written another include system for my dynamic webpages, but it seems to be vulnerable to LFI.
Here is the code:

GeSHi`ed PHP code

1 2 3 4 56 7 8 9 1011 12 13 14 1516 17

<?php if (isset($_GET['which'])) {         $which = $_GET['which'];         switch ($which)        {         case 0:         case 1:         case 2:                 require_once $which.'.php';                break;         default:                 echo GWF_HTML::error('PHP-0817', 'Hacker NoNoNo!', false);                 break;         }} ?>

Your mission is to include solution.php.
Here is the script in action: News, Forum, Guestbook.

Good Luck!

 

解题：

　　最近看了看PHP语法和web相关的知识，这道题要在网页提交前拦截，并把which数值改为solution，然后提交即可。