<?php
$allowed = array('txt', 'docx');
print "\n\$_REQUEST:"; var_dump($_REQUEST);
//o$a="txt.$php";
//echo "test${a}test\n";
if (isset($_REQUEST['zzfile'])) {
$zzfile = $_REQUEST['zzfile'];
//$filename = basename($zzfile);
$filename = $zzfile;
print "\nfilename:\n";
var_dump($filename);
if (preg_match('#\.(.+)$#', $filename, $matches) && isset($matches[1]) && !in_array($matches[1], $allowed))
die("Extension ${matches[1]} is not allowed!");
echo "\nmatches:"; var_dump($matches);
preg_match('#.#', $filename, $met);
print("\nmet:\n");
var_dump($met);
if (strrpos($filename, '.') !== false) //zwraca od pierwszej kropki od prawej do konca + end
$ext = substr($filename, strrpos($filename, '.'));
else
$ext = '';
$newfile = "flag$ext";
echo "Reading <strong>$newfile</strong>...";
// Hint: the flag is in flag.php
echo '<pre>';
readfile($newfile);
echo '</pre>';
}
?>
- Output for 8.2.0 - 8.2.17, 8.3.0 - 8.3.4
- Deprecated: Using ${var} in strings is deprecated, use {$var} instead in /in/9gM6R on line 13
$_REQUEST:array(0) {
}
- Output for 5.5.0 - 5.5.38, 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.27
- $_REQUEST:array(0) {
}
preferences:
220.86 ms | 403 KiB | 324 Q