<?php if (isset ($_POST['submit'])) { $url = $_POST['url']; /* People tends to do funny things with curl. */ if (preg_match ('/[https?|[st]?ftp|dict|gopher|scp|telnet|ldaps?]\:\/\/.*(\d+|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/i', $url)) { die('Please do not access by IP.'); } elseif (preg_match ('/localhost/i', $url)) { die ('Please do not access localhost.'); } if (stripos ($url, '/', -1) !== '/') { $url .= '/'; } $url .= 'index.php'; try { $ch = curl_init ($url); if (FALSE === $ch) { throw new Exception('failed to initialize'); } elseif (defined('CURLOPT_IPRESOLVE') && defined('CURL_IPRESOLVE_V4')){ curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); } curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); curl_close($ch); } catch (Exception $e) { trigger_error (sprintf ('Curl failed with #%d: %s', $e->getCode(), $e->getMessage()), E_USER_ERROR); } } ?> <!DOCTYPE html> <html> <head> <title>#WebSec Level Six</title> <link rel="stylesheet" href="../static/bootstrap.min.css" /> <!-- 23:10:41 <Mantis> I have locked down flag.php - It can only be accessed locally. --> </head> <body> <div id="main"> <div class="container"> <div class="row"> <h1>Level Six <small>- URL Grabber</small></h1> </div> <div class="row"> <p class="lead"> So we created a URL grabber which fetches remote URLs.<br /> Of course you can view the source code <a href="source.php">here</a> </p> </div> </div> <div class="container"> <div class="row"> <label for="url">Enter the URL you wish to fetch:</label> <form class="form-inline" action="" method="post"> <div class="form-group"> <div class="input-group"> <div class="input-group-addon"><span class="glyphicon glyphicon-save" aria-hidden="true"></span></div> <input type="text" name="url" id="url" placeholder="http://example.com/file_to_get" class="form-control" required/> </div> <input type="submit" name="submit" value="Submit" class="form-control btn btn-default" /> </div> </form> </div> </div> <?php if (isset($result) and !!$result): ?> <hr> <div class="container"> <div class="row"> <div class="well"> <?php echo $result; ?> </div> </div> </div> <?php endif ?> </div> </body> </html>
You have javascript disabled. You will not be able to edit any code.