<?php
if (isset ($_POST['submit'])) {
$url = $_POST['url'];
/* People tends to do funny things with curl. */
if (preg_match ('/[https?|[st]?ftp|dict|gopher|scp|telnet|ldaps?]\:\/\/.*(\d+|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/i', $url)) {
die('Please do not access by IP.');
} elseif (preg_match ('/localhost/i', $url)) {
die ('Please do not access localhost.');
}
if (stripos ($url, '/', -1) !== '/') { $url .= '/'; }
$url .= 'index.php';
try {
$ch = curl_init ($url);
if (FALSE === $ch) {
throw new Exception('failed to initialize');
} elseif (defined('CURLOPT_IPRESOLVE') && defined('CURL_IPRESOLVE_V4')){
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
curl_close($ch);
} catch (Exception $e) {
trigger_error (sprintf ('Curl failed with #%d: %s', $e->getCode(), $e->getMessage()), E_USER_ERROR);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>#WebSec Level Six</title>
<link rel="stylesheet" href="../static/bootstrap.min.css" />
<!-- 23:10:41 <Mantis> I have locked down flag.php - It can only be accessed locally. -->
</head>
<body>
<div id="main">
<div class="container">
<div class="row">
<h1>Level Six <small>- URL Grabber</small></h1>
</div>
<div class="row">
<p class="lead">
So we created a URL grabber which fetches remote URLs.<br />
Of course you can view the source code <a href="source.php">here</a>
</p>
</div>
</div>
<div class="container">
<div class="row">
<label for="url">Enter the URL you wish to fetch:</label>
<form class="form-inline" action="" method="post">
<div class="form-group">
<div class="input-group">
<div class="input-group-addon"><span class="glyphicon glyphicon-save" aria-hidden="true"></span></div>
<input type="text" name="url" id="url" placeholder="http://example.com/file_to_get" class="form-control" required/>
</div>
<input type="submit" name="submit" value="Submit" class="form-control btn btn-default" />
</div>
</form>
</div>
</div>
<?php if (isset($result) and !!$result): ?>
<hr>
<div class="container">
<div class="row">
<div class="well">
<?php echo $result; ?>
</div>
</div>
</div>
<?php endif ?>
</div>
</body>
</html>
preferences:
61.03 ms | 402 KiB | 5 Q