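<?php

declare(strict_types=1);

// Minimal file-inclusion endpoint: the requested name comes from the query
// string and is included from one of a fixed set of base directories.
// Containment is enforced by canonicalising the final path with realpath()
// and checking that it still lies under the base directory, instead of
// stripping known traversal sequences from the input. A blacklist of
// sequences ("../", "%252e", ...) only covers the encodings it lists, and a
// single str_replace() pass can leave behind the very sequence it removes,
// so it cannot be relied on to keep the include inside the directory.

/**
 * Resolve $file against each base directory in turn and return the first
 * canonical path that is a regular file still located inside that directory.
 *
 * @param list<string> $trustedDirs Absolute base directories, checked in order.
 * @return string|null Canonical path to include, or null when no directory
 *                     contains the requested file.
 */
function resolve_trusted_file(string $file, array $trustedDirs): ?string
{
    // Null bytes make realpath()/include throw a ValueError on PHP 8, and an
    // empty name would resolve to the directory itself.
    if ($file === '' || str_contains($file, "\0")) {
        return null;
    }

    foreach ($trustedDirs as $dir) {
        // A base directory that does not exist cannot contain anything.
        $base = realpath($dir);
        if ($base === false) {
            continue;
        }
        $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

        // realpath() collapses ".", ".." and symlinks, so the prefix test is
        // made on the path the filesystem will actually open. It returns
        // false for stream wrappers, which are never real files under $base.
        $resolved = realpath($base . $file);
        if ($resolved === false || !str_starts_with($resolved, $base)) {
            continue;
        }
        // include on a directory only emits a warning; require a plain file.
        if (is_file($resolved)) {
            return $resolved;
        }
    }

    return null;
}

// Get the file path from the query string; a missing or non-string value
// (e.g. ?file[]=x) is treated as "nothing requested".
$raw = $_GET['file'] ?? '';
$file = is_string($raw) ? $raw : '';

// Echo the input HTML-escaped so a crafted name cannot inject markup.
echo 'Initial input ' . htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br />';

// Base directories that may be served, in lookup order. Serving everything
// under /etc/ exposes system configuration to anyone who can reach this
// endpoint; an allow-list of specific filenames would be tighter.
$trustedDirs = [
    '/var/www/html/trusted/',
    '/flag/',
    '/etc/',
];

$path = resolve_trusted_file($file, $trustedDirs);
if ($path !== null) {
    // Include the canonical path, never the user-supplied string.
    include $path;
} else {
    // Return an error message if the file is not allowed
    echo "Error: Invalid file specified.";
}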