challenge-45.md

Challenge

<?php
if(isset($_GET) && !empty($_GET)){
    $url = $_GET['file'];
    $path = 'upload/'.$_GET['path'];
}else{
    show_source(__FILE__);
    exit();
}
 
if(strpos($path,'..') > -1){
    die('SYCwaf!');
}
 
if(strpos($url,'http://127.0.0.1/') === 0){
    file_put_contents($path, file_get_contents($url));
    echo "console.log($path update successed!)";
}else{
    echo "Hello.Geeker";
}

Solution

Refference

一道php代码审计题目的分析

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

challenge-45.md

challenge-45.md

Challenge

Solution

Refference

Files

challenge-45.md

Latest commit

History

challenge-45.md

File metadata and controls

Challenge

Solution

Refference