Thread: Any ideas about executing phpinfo() in this code snippet
View Single Post
  #1  
Old 12-28-2012, 00:46
XnHandt
 
Posts: n/a
Any ideas about executing phpinfo() in this code snippet
Audit this code snippet, control the input $_GET['search'], try to execute phpinfo()

I have googled a reference:
http://www.xfocus.net/articles/200605/866.html

I think preg_replace with /e and %00 should be useful... but do not know how

Any ideas will be appreciate.
Code:
<form action="" method="GET">
<input type="text" name="search">
<input type="submit" name="submit" value="Search">
</form><br />
 
<?php
if (isset($_GET['search'])){
	$search = htmlentities($_GET['search']);
	if (strpos($search, 'apple') !== false){
		echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "apple");
	}elseif (strpos($search, 'orange') !== false){
		echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "orange");
	}elseif (strpos($search, 'banana') !== false){
		echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "banana");
	}elseif (strpos($search, 'kiwi') !== false){
		echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "kiwi");
	}else echo "Please search for apple, orange, banana, or kiwi.";
}
?>
Reply With Quote