<?php
// Turn off all PHP error reporting for this request. Warnings and notices
// raised by the calls below (for example an unreadable path) are therefore
// never shown, which also hides useful diagnostics from whoever operates it.
error_reporting(0);
// Print this script's own source, syntax-highlighted, at the top of every
// response. NOTE(review): presumably deliberate for a challenge page; on a
// real application this discloses the filter logic to every visitor.
highlight_file(__FILE__);
/**
 * Keyword blocklist applied to the requested path.
 *
 * Terminates the request with 'hacker!' when $file contains any blocked
 * substring (case-insensitive); otherwise returns $file unchanged.
 *
 * NOTE(review): this is substring matching, not validation. It lists a few
 * wrapper and stream-filter names plus "../", but it never constrains the
 * scheme or the target file, so any value that avoids the listed words is
 * returned untouched (a bare php://filter/resource=... path contains none
 * of them). "https" is already covered by "http" and "data" appears twice.
 * A safer design maps the request value onto a fixed allowlist of file
 * names instead of trying to enumerate bad input.
 *
 * @param mixed $file Value taken from the request.
 * @return mixed The same value when no blocked keyword matched.
 */
function filter($file)
{
    $blockedKeywords = '/compress|root|zip|convert|\.\.\/|http|https|data|data|rot13|base64|string/i';

    // No keyword matched: hand the value back as-is.
    if (!preg_match($blockedKeywords, $file)) {
        return $file;
    }

    // A blocked keyword is present: stop the request here.
    die('hacker!');
}
// Untrusted input: the path is taken directly from the query string.
$file = $_GET['file'];
echo "flag in flag.php!";

// is_file() acts as the guard against reading local files: a plain path such
// as flag.php is a regular file and is refused. It returns false, however,
// for anything it cannot stat as a regular file, including stream-wrapper
// URLs like php://..., and those fall through to highlight_file(), which
// does open wrappers. The guard and the keyword blocklist together therefore
// do not keep flag.php unreadable.
// Mitigation: never pass a request value to highlight_file()/include/fopen();
// select from a fixed allowlist of names, or compare realpath() of the
// result against the one directory that is meant to be served.
if (is_file($file)) {
    echo "hacker!";
} else {
    highlight_file(filter($file));
}
?file=php://filter/resource=flag.php