-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.php
27 lines (24 loc) · 841 Bytes
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<?php
echo "This web application is vulnerable to RCE on <b>code</b> POST argument. Find a way to execute <b>cat /etc/passwd</b> bypassing input validation.<br>\n";
echo "Example: curl -d 'code=id' http://".$_SERVER["HTTP_HOST"]."/index.php <br><br>\n\n";
error_reporting(0);
$blacklist = [
"alias","eval","bash","sh","bin","usr","etc","pass","src","source","ls","nc","apt","cat","more","less","vi","vim"
];
if(!preg_match('#[;/"\'&|()\-:.\s\t\n`<>=]#', urldecode($_POST["code"]))) {
$allowed = true;
foreach($blacklist as $k => $v) {
if(preg_match('#'.$v.'#', urldecode($_POST["code"]))) {
$allowed = false;
}
}
if($allowed) {
print_r($_POST);
system($_POST["code"]);
} else {
echo "Input contains blacklisted common Unix commands or paths\n";
}
} else {
echo "Character not allowed\n";
}
?>