Task # Task #4

Discussion in 'Задания/Квесты/CTF/Конкурсы' started by joelblack, 15 Feb 2019.

Page 3 of 3
  1. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    244
    Likes Received:
    450
    Reputations:
    145
    #41 joelblack, 4 Mar 2019
    dooble likes this.
  2. Тот_самый_Щуп

    Тот_самый_Щуп Reservists Of Antichat

    Joined:
    23 Mar 2017
    Messages:
    265
    Likes Received:
    173
    Reputations:
    119
    Следует фильтровать пользовательский инпут впринципе. Всегда, и везде.
     
    #42 Тот_самый_Щуп, 5 Mar 2019
    BillyBons, dooble and joelblack like this.
  3. dooble

    dooble Members of Antichat

    Joined:
    30 Dec 2016
    Messages:
    229
    Likes Received:
    596
    Reputations:
    145
    В данном конкретном случае достаточно
    Code:
        $imgName = $_GET['f'];
    if(file_exists($imgName)){
    заменить на
    Code:
        $imgName = './'.$_GET['f'];
    if(file_exists($imgName)){
    и использовать врапперы уже не получится.
     
    #43 dooble, 5 Mar 2019
    altblitz, eminlayer7788, rudi and 3 others like this.
  4. GTAlex

    GTAlex New Member

    Joined:
    7 Sep 2009
    Messages:
    48
    Likes Received:
    0
    Reputations:
    0
    А шелл с помощью врапперов на хост в данной ситуации можно залить? или "читалка" это предел возможностей?
     
    #44 GTAlex, 28 Sep 2019
(You must log in or sign up to post here.)
Page 3 of 3
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.