<?php
// Demonstration input: the request parameter is overwritten with a value that
// contains single quotes, so it closes the quoted string built further down
// and changes the expression text that is handed to assert().
$_GET['page'] = '\',\'asd\')&& phpinfo() && strpos(\'asd\', \'';
// Pick the requested page name, falling back to "home" when none is supplied.
if (isset($_GET['page'])) {
$page = $_GET['page'];
} else {
$page = "home";
}
// The request value is concatenated into the path with no validation or escaping.
$file = "templates/" . $page . ".php";
// Prints the exact expression string that the first assert() below receives.
echo "strpos('$file', '..') === false";
// I heard '..' is dangerous!
// SECURITY: assert() is given a *string*. PHP 5.x/7.x evaluate that string as
// PHP code, so interpolating $file makes request data part of the evaluated
// expression (code injection). With the input above, the first strpos() call
// returns false and short-circuits the && chain, so the assertion fails and the
// script dies here; that is a property of this particular value, not a defence.
// From PHP 8.0 the string is no longer evaluated: a non-empty string is simply
// truthy, so this check can never fail. assert() is also a no-op when
// assertions are disabled via zend.assertions. Do not use assert() for input
// validation; compare $page against a fixed allowlist of template names with
// ordinary code instead.
assert("strpos('$file', '..') === false") or die("Detected hacking attempt!");
// TODO: Make this look nice
// SECURITY: same string-assert pattern as above, with the same consequences:
// evaluated as code on PHP 5.x/7.x, always truthy on PHP 8.0+, so the
// existence check is either injectable or ineffective. Call file_exists($file)
// directly in an if statement once $page has been validated.
assert("file_exists('$file')") or die("That file doesn't exist!");
- Output for 8.0.0 - 8.0.30, 8.1.0 - 8.1.29, 8.2.0 - 8.2.21, 8.3.0 - 8.3.9
- strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false
- Output for 7.2.0 - 7.2.33, 7.3.0 - 7.3.31, 7.4.0 - 7.4.33
- strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false
Deprecated: assert(): Calling assert() with a string argument is deprecated in /in/tpdi9 on line 15
Warning: assert(): assert("strpos('$file', '..') === false"): "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15
Detected hacking attempt!
- Output for 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.3.32 - 7.3.33
- strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false
Warning: assert(): assert("strpos('$file', '..') === false"): "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15
Detected hacking attempt!
- Output for 5.6.0 - 5.6.40
- strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false
Warning: assert(): Assertion "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15
Detected hacking attempt!