<?php
$allowed = array('txt', 'docx');
print "\n\$_REQUEST:"; var_dump($_REQUEST);
//o$a="txt.$php";
//echo "test${a}test\n";
$zzfile="lol.php"
//$zzfile = $_REQUEST['zzfile'];
$filename = basename($zzfile);
//$filename = $zzfile;
print "\nfilename:\n";
var_dump($filename);
if (preg_match('#\.(.+)$#', $filename, $matches) && isset($matches[1]) && !in_array($matches[1], $allowed))
die("Extension ${matches[1]} is not allowed!");
echo "\nmatches:"; var_dump($matches);
preg_match('#.#', $filename, $met);
print("\nmet:\n");
var_dump($met);
if (strrpos($filename, '.') !== false) //zwraca od pierwszej kropki od prawej do konca + end
$ext = substr($filename, strrpos($filename, '.'));
else
$ext = '';
$newfile = "flag$ext";
echo "Reading <strong>$newfile</strong>...";
// Hint: the flag is in flag.php
echo '<pre>';
readfile($newfile);
echo '</pre>';
?>
- Output for 7.0.0 - 7.0.20, 7.1.0 - 7.1.6
- Parse error: syntax error, unexpected '$filename' (T_VARIABLE) in /in/hp1CX on line 8
Process exited with code 255.
preferences:
200.59 ms | 1395 KiB | 35 Q