
云演CTF: 010.php4fun

Author: Internet


The challenge provides a backup of the source, "index.bak":

<?php
// filter(): a blocklist applied to the requested file name. Note that it echoes
// the raw value before the check runs.
function filter($v){
  echo $v;
  $w = array('<','>','\.\.','^/+.*','file:///','php://','data://','zip://','ftp://','phar://','zlib://','glob://','expect://','http://','https://');
  $w = implode('|',$w);
  if(preg_match('#' . $w . '#i',$v) !== 0){
    die("<br>not that easy.");
    exit();
  }
  return $v;
}

// get_posts(): list every non-.php file in the current directory together with
// the first 10 bytes of its content.
function get_posts(){
  $dir=scandir(".");
  $dir = array_filter(scandir('.'), function($item) {
    return !is_dir('./' . $item);
  });
  $posts=array();
  foreach($dir as $v){
    if($v!=="." && $v!==".." && (strpos($v,'.php')===false)){
      $posts[]=array($v,substr(file_get_contents("$v"),0,10));
    }
  }
  return $posts;
}

// get_post(): read whatever file name ?p= supplies, once it passes filter().
function get_post($name){
  return array($name,@file_get_contents(filter($name)));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>php4fun</title>
</head>
<body>
<div class="content">
<div class="toph"></div>
<div class="center">
<h1>have fun with php</h1>
<?php
if(!@$_GET['p']){
  foreach(get_posts() as $v){
    echo '<h2><a href="?p='.$v[0].'">'.$v[0].'</a></h2>'.$v[1].'
    <p class="date"> <a href="?p='.$v[0].'">Read more</a></p>';
  }
}else{
  $v=get_post(@$_GET['p']);
  echo '<h2>'.$v[0].'</h2>
  '.$v[1].'
  <p class="date"><a href="./">Back</a> </p>
  <br />
  ';
}
?>
</div>
<div class="footer"></div>
</div>
<!-- see index.bak -->
</body>
</html>
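The weak point of index.bak is that get_post() passes a user-controlled name straight to file_get_contents() and relies on the blocklist in filter() to keep it safe. As an added example (not the challenge's own code), here is an allow-list version, safe_get_post(), that confines reads to one fixed directory instead; POSTS_DIR and safe_get_post are assumed names.

```php
<?php
// Added example, not part of the original challenge. Posts are assumed to live
// in a dedicated subdirectory; every other location, scheme or wrapper is
// rejected by construction rather than by pattern matching.
const POSTS_DIR = __DIR__ . '/posts';

function safe_get_post(string $name): array {
    // Reject empty names, embedded NUL bytes (realpath() refuses them) and
    // hidden files such as "." / "..".
    if ($name === '' || strpos($name, "\0") !== false || $name[0] === '.') {
        return array($name, null);
    }
    // Only a bare file name is acceptable. basename() strips directory parts
    // and scheme prefixes ("a/b", "php://x"); if anything had to be stripped,
    // the request is refused instead of silently "corrected".
    if ($name !== basename($name)) {
        return array($name, null);
    }
    // realpath() canonicalises symlinks and ".." and returns false for missing
    // files; the prefix check guarantees the result is inside POSTS_DIR.
    $base = realpath(POSTS_DIR);
    $path = realpath(POSTS_DIR . '/' . $name);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return array($name, null);
    }
    // Mirror get_posts(): regular files only, and never PHP source.
    if (!is_file($path) || strtolower(substr($path, -4)) === '.php') {
        return array($name, null);
    }
    return array($name, file_get_contents($path));
}
```

When rendering the result, the name and content still need htmlspecialchars() before being echoed into the page; the original template prints both unescaped.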



Source: https://blog.csdn.net/wanguixiu/article/details/117766476