Controller\Larfi::uri_based_lfi PHP Метод

uri_based_lfi() публичный Метод

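Helps generate a standard LFI test request. Despite the "GET" wording, the listing below appends the payload to the URL by default and sends it as the request content when $method is "POST".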
public uri_based_lfi ( $method, $blankurl, $url, $payload )
$blankurl
$url
$payload
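    /**
     * Sends one LFI test request to the given URL and stores the outcome for the view.
     *
     * Does nothing unless the current request verb is POST. On a blank or
     * rejected URL, or a failed request, a flash message is queued instead.
     * Otherwise $this->response->data['content'] receives either the full
     * response (headers, body, engine) when the first header line reports
     * status 200, or the headers alone prefixed with "Not Exploitable".
     *
     * NOTE(review): this makes the server fetch a caller-supplied URL.
     * Audit::url() is assumed to validate URL syntax only — confirm. If so,
     * nothing here prevents requests to loopback or internal addresses, so the
     * route should sit behind authentication and an allow-list of in-scope targets.
     *
     * @param string $method   "POST" sends $payload as the request content; any other value appends it to $url
     * @param mixed  $blankurl Truthy when no URL was submitted
     * @param string $url      Target URL; a trailing "/" is stripped before use
     * @param string $payload  Payload text, passed through unmodified
     * @return void
     */
    public function uri_based_lfi($method, $blankurl, $url, $payload)
    {
        $web = \Web::instance();
        $f3 = \Base::instance();
        $audit_instance = \Audit::instance();

        if ($f3->get('VERB') !== 'POST') {
            return;
        }

        if ($blankurl) {
            \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
            return;
        }

        if (!$audit_instance->url($url)) {
            \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
            return;
        }

        $url = rtrim($url, "/");

        // Redirects are followed only when open_basedir is unset (presumably
        // because cURL's follow-location option was historically unavailable
        // with open_basedir in effect — confirm).
        // NOTE(review): a followed redirect can end on a host other than the
        // one that passed the audit above.
        $follow_loc = !ini_get('open_basedir');

        // Loose comparison kept on purpose: the caller's type for $method is not visible here.
        if ($method == "POST") {
            // NOTE(review): no 'method' option is passed, so the HTTP verb is
            // whatever Web::request() defaults to — confirm this branch really
            // issues a POST rather than another verb with a body.
            $response = $web->request($url, array('content' => $payload, 'follow_location' => $follow_loc));
        } else {
            $response = $web->request($url . $payload, array('follow_location' => $follow_loc));
        }

        if (!$response) {
            \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
            return;
        }

        $result_headers = $response['headers'];
        // An empty header list must not raise an undefined-offset notice.
        $status_line = isset($result_headers[0]) ? $result_headers[0] : '';
        // Convert the header array to a single string for display.
        $headers_max = implode("\n", $result_headers);

        // Match the status code itself rather than the literal "200 OK", so
        // status lines without a reason phrase (e.g. "HTTP/2 200") also count.
        $is_ok = preg_match('/^HTTP\/[\d.]+\s+200(?:\s|$)/i', trim($status_line)) === 1;

        // NOTE(review): headers and body come from the remote host; whatever
        // renders data['content'] must HTML-escape it — confirm in the template.
        if ($is_ok) {
            $this->response->data['content'] = "Headers: \n\n" . $headers_max
                . "\n\n Body:\n\n" . $response['body']
                . "\n\n Engine Used: " . $response['engine'];
        } else {
            $this->response->data['content'] = "Not Exploitable Application Returned the response below: \n\n " . $headers_max;
        }
    }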