source.php
<html>
<head>
<title>Extensions?</title>
</head>
<body>
<p>source code: <a href="./index.php~">index.php~</a></p>
<br/>
<form action="index.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
<br />
<?php
error_reporting(0);
$output = array ();
$errors = array ();
$savePath = "upload";
if (isset ( $_FILES ['file'] ) && $_FILES ["file"] ["error"] == UPLOAD_ERR_OK) {
$fileName = $_FILES ['file'] ['name'];
$fileSize = $_FILES ['file'] ['size'];
$fileTemp = $_FILES ['file'] ['tmp_name'];
$fileType = $_FILES["file"]["type"] ;
$fileExt = pathinfo ( $fileName, PATHINFO_EXTENSION );
$fileExt = strtolower ( $fileExt );
if (preg_match("/php$/i", $fileExt)) {
$errors [] = "Invalid File Extention";
}
if ($fileSize > 800*1024) {
$errors [] = "File Too large";
}
if (! is_writable ( $savePath )) {
$errors [] = "File Destination not writeable";
}
$fileDst = $savePath . DIRECTORY_SEPARATOR . $fileName;
$filePrifix = basename ( $fileName, "." . $fileExt );
if(file_exists($fileDst)) {
$errors [] = "Filename exists";
}
if (count ( $errors ) == 0) {
if (@move_uploaded_file ( $fileTemp, $fileDst )) {
$output['Destination'] = $fileDst;
} else {
$errors [] = "Error Saving File";
}
}
if(count($errors) > 0)
{
echo "<h2>Upload Error</h2>" ;
foreach ($errors as $error){
echo $error , "<br/>" ;
}
}else{
echo "<h2>File Uploaded</h2>" ;
foreach ($output as $key => $value){
echo $key . ": <a href=\"./$value\">" .$value , "</a><br/>" ;
}
}
}
?>
</body>
</html>
확장자가 php인지만 검증한다. 그냥 실행가능한 다른 확장자 찾아주면 된다.
'Wargame > chall.tasteless.eu' 카테고리의 다른 글
| chall.tasteless.eu Level 12- Goldjunge (0) | 2019.09.02 |
|---|---|
| chall.tasteless.eu Level 9- In My Dreams (0) | 2019.09.02 |
| chall.tasteless.eu Level 20 Do you comment? (0) | 2018.10.14 |
| chall.tasteless.eu Level 8 Unsolvable (0) | 2018.10.14 |
| chall.tasteless.eu Level 5 Fred CMS (0) | 2018.10.14 |
JeonYoungSin
메모 기록용 공간