Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- PHP Posion Logs Writeup
- by DeathsPirate
- $who
- Points: 50
- Patch the PHP to remve the vulnerability. The format for the flag is "linenumber, patched code" Example: "9, fclose($File);"
- Challenge created by DigitalOutcast.
- <?php
- if ( !function_exists('writeLogs') ) :
- function writeLogs()
- {
- $IP = $_SERVER['REMOTE_ADDR'];
- $USERAGENT = strip_tags($_SERVER['HTTP_USER_AGENT']);
- $REF = strip_tags($_SERVER['HTTP_REFERER']);
- $URI = urldecode($_SERVER['REQUEST_URI']);
- $DOCROOT = $_SERVER['DOCUMENT_ROOT'];
- $file = fopen($DOCROOT . "/logs/" . date("mm-Y") . ".html","a");
- $Output = "$IP -> $USERAGENT : $REF : $URI";
- fwrite($file,$Output);
- fclose($file);
- }
- endif;
- ?>
- Solution:
- Look at line 9, $URI = urldecode($_SERVER['REQUEST_URI']);
- This variable is passed into the file here:
- $Output = "$IP -> $USERAGENT : $REF : $URI";
- We need it sanitised, so just don't urldecode it.
- This gives us the answer:
- 9, $URI = $_SERVER['REQUEST_URI'];
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
