@ 2016-01-06T06:12:58Z <?php
$allowed = array('txt', 'docx');
$zzfile = "flag.%0a%e2%90%A4%09%08php";
$filename = $zzfile;
print "\nfilename:\n";
var_dump($filename);
if (preg_match('#\.(.+)$#', $filename, $matches) && isset($matches[1]) && !in_array($matches[1], $allowed))
die("Extension ${matches[1]} is not allowed!");
echo "\nmatches:"; var_dump($matches);
if (strrpos($filename, '.') !== false) //zwraca od pierwszej kropki od prawej do konca + end
$ext = substr($filename, strrpos($filename, '.'));
else
$ext = '';
$newfile = "flag$ext";
print $newfile;
echo "Reading <strong>$newfile</strong>...";
// Hint: the flag is in flag.php
echo '<pre>';
readfile($newfile);
echo '</pre>';
?>
Enable javascript to submit You have javascript disabled. You will not be able to edit any code.
Output for 8.2.0 - 8.2.18 , 8.3.0 - 8.3.6 Deprecated: Using ${var} in strings is deprecated, use {$var} instead in /in/1c5LS on line 8
filename:
string(26) "flag.%0a%e2%90%A4%09%08php"
Extension %0a%e2%90%A4%09%08php is not allowed! Output for 5.5.24 - 5.5.35 , 5.6.8 - 5.6.28 , 7.0.0 - 7.0.20 , 7.1.0 - 7.1.20 , 7.2.5 - 7.2.33 , 7.3.16 - 7.3.33 , 7.4.0 - 7.4.33 , 8.0.0 - 8.0.30 , 8.1.0 - 8.1.28 filename:
string(26) "flag.%0a%e2%90%A4%09%08php"
Extension %0a%e2%90%A4%09%08php is not allowed! preferences:dark mode live preview
148.04 ms | 404 KiB | 182 Q