Untitled
unknown
php
3 years ago
1.6 kB
5
Indexable
<?php // Get the file path from the query string $file = $_GET['file']; echo 'Initial input ' . $file . '<br />'; // Filter user input for the "../" sequence $file = str_replace('../', '', $file); echo 'filter 1: ' . $file . '<br />'; // Filter user input for the "....//" sequence $file = str_replace('....//', '', $file); echo 'filter 2: ' . $file . '<br />'; // Filter user input for the "..././" sequence // $file = str_replace('..././', '', $file); // Filter user input for the "%252e" sequence $file = str_replace('%252e', '', $file); echo 'filter 3: ' . $file . '<br />'; // Filter user input for the "%c0%ae" sequence $file = str_replace(' ', '', $file); echo 'filter 4: ' . $file . '<br />'; // Filter user input for the "/%5C.." sequence $file = str_replace('/%5C..', '', $file); echo 'filter 5: ' . $file . '<br />'; // Filter user input for the "....\/" sequence $file = str_replace('....\/', '', $file); echo 'filter 6: ' . $file . '<br />'; // Specify the trusted directory $trusted_dir = '/var/www/html/trusted/'; $trusted_dir2 = '/flag/'; $trusted_dir3 = '/etc/'; // Check if the requested file is in the trusted directory if (file_exists($trusted_dir . $file)) { // Include the requested file include($trusted_dir . $file); } elseif (file_exists($trusted_dir2 . $file)) { include($trusted_dir2 . $file); } elseif (file_exists($trusted_dir3 . $file)) { // Include the requested file include($trusted_dir3 . $file); } else { // Return an error message if the file is not allowed echo "Error: Invalid file specified."; }
Editor is loading...