Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Any ideas about executing phpinfo() in this code snippet (https://forum.exetools.com/showthread.php?t=14700)

XnHandt 12-28-2012 00:46
Any ideas about executing phpinfo() in this code snippet
 
Audit this code snippet, control the input $_GET['search'], try to execute phpinfo()

I have googled a reference:
http://www.xfocus.net/articles/200605/866.html

I think preg_replace with /e and %00 should be useful... but do not know how

Any ideas will be appreciate.
Code:
<form action="" method="GET">
<input type="text" name="search">
<input type="submit" name="submit" value="Search">
</form><br />
 
<?php
if (isset($_GET['search'])){
        $search = htmlentities($_GET['search']);
        if (strpos($search, 'apple') !== false){
                echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "apple");
        }elseif (strpos($search, 'orange') !== false){
                echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "orange");
        }elseif (strpos($search, 'banana') !== false){
                echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "banana");
        }elseif (strpos($search, 'kiwi') !== false){
                echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "kiwi");
        }else echo "Please search for apple, orange, banana, or kiwi.";
}
?>


All times are GMT +8. The time now is 07:59.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX