code

code


<?php

//flag在/flag中

error_reporting(0);

$cmd = $_GET['cmd'];

function check(){

    global $cmd;

    $blacklist = ["print"," ","exit","die","eval","[","]","*","'","\"","`","echo"];

    $blacklist = array_merge($blacklist, get_defined_functions()['internal']);

    foreach($blacklist as $i){

        if (preg_match ('/' . $i . '/im', $cmd)) {

            echo "Your cmd is in blacklist" . "<br>";

            return true;

            break;

        }

    }

    return false;

}



$file=$_GET['file'];

if(is_file($file)){

    echo "You can't use inner file" . "<br>";

}

else{

    if(file_exists($file)){

        if(check()){

            echo "Stop hack!!!" . "<br>";

        }else{

            eval($cmd);

        }

    }else{

        echo "file isn't exist" . "<br>";

    }


}

highlight_file(__FILE__);

?>
Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org