Any ideas about executing phpinfo() in this code snippet
Audit this code snippet, control the input $_GET['search'], try to execute phpinfo()
I have googled a reference: http://www.xfocus.net/articles/200605/866.html I think preg_replace with /e and %00 should be useful... but do not know how. Any ideas will be appreciated. Code:
<form action="" method="GET">
    <input type="text" name="search">
    <input type="submit" name="submit" value="Search">
</form><br />
<?php
if (isset($_GET['search'])){
    $search = htmlentities($_GET['search']);
    if (strpos($search, 'apple') !== false){
        echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "apple");
    }elseif (strpos($search, 'orange') !== false){
        echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "orange");
    }elseif (strpos($search, 'banana') !== false){
        echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "banana");
    }elseif (strpos($search, 'kiwi') !== false){
        echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "kiwi");
    }else echo "Please search for apple, orange, banana, or kiwi.";
}
?>
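The snippet above concatenates the user-controlled $search value straight into the regex pattern of preg_replace(), which is why the thread is looking at pattern modifiers. As an added example (not the poster's code, and not a solution to the challenge), here is how the same handler looks when the input is checked against a fixed allowlist and escaped with preg_quote() before it reaches the pattern. The function name render_search is an assumption for illustration.

```php
<?php
// Added example, not the original poster's code: a hardened version of the
// search handler. The user value is matched against a fixed allowlist and
// escaped with preg_quote() before it reaches preg_replace(), so no delimiter
// or modifier can be smuggled into the pattern.

function render_search(string $rawSearch): string
{
    // Fixed allowlist of fruits the page is allowed to render.
    $allowed = ['apple', 'orange', 'banana', 'kiwi'];

    // Match the whole input, not a substring: a strpos()-style check lets
    // "apple" be found inside arbitrary surrounding text.
    if (!in_array($rawSearch, $allowed, true)) {
        return "Please search for apple, orange, banana, or kiwi.";
    }

    // $rawSearch is now one of the four literals. preg_quote() is applied
    // anyway so the pattern stays literal even if the allowlist later gains
    // entries containing regex metacharacters; '/' is passed as the delimiter
    // argument so it is escaped as well.
    $pattern = '/' . preg_quote($rawSearch, '/') . '/';

    // Escape for HTML at the point of output, with quotes and UTF-8 handled.
    $safe = htmlspecialchars($rawSearch, ENT_QUOTES, 'UTF-8');
    $replacement = $safe . " <img src='" . $safe . ".png'>";

    return preg_replace($pattern, $replacement, $rawSearch);
}

if (isset($_GET['search'])) {
    echo render_search((string) $_GET['search']);
}
```

The two changes that matter are that the input never becomes part of the pattern without preg_quote(), and that the allowlist comparison is an exact match rather than a substring check. Note that htmlentities() on its own does not protect a regex: it escapes HTML metacharacters, not regex delimiters or modifiers. The /e modifier itself was deprecated in PHP 5.5 and removed in PHP 7.0, but a user-controlled pattern remains a problem on current versions (unexpected matches, catastrophic backtracking), so the escaping is still warranted.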
Tags: audit php