Audit this code snippet, control the input $_GET['search'], try to execute phpinfo()
I have googled a reference:
http://www.xfocus.net/articles/200605/866.html
I think preg_replace with /e and %00 should be useful... but do not know how
Any ideas will be appreciate.
Code:
<form action="" method="GET">
<input type="text" name="search">
<input type="submit" name="submit" value="Search">
</form><br />
<?php
if (isset($_GET['search'])){
$search = htmlentities($_GET['search']);
if (strpos($search, 'apple') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "apple");
}elseif (strpos($search, 'orange') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "orange");
}elseif (strpos($search, 'banana') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "banana");
}elseif (strpos($search, 'kiwi') !== false){
echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "kiwi");
}else echo "Please search for apple, orange, banana, or kiwi.";
}
?>