[0CTF 2016] piapiapia

时间:2021-08-09 23:36:52

这里简单记录其中精髓

首先打开是一个登陆页面

dirsearch扫描到了源码备份

update.php

1 <?php 2 require_once(‘class.php‘); 3 if($_SESSION[‘username‘] == null) { 4 die(‘Login First‘); 5 } 6 if($_POST[‘phone‘] && $_POST[‘email‘] && $_POST[‘nickname‘] && $_FILES[‘photo‘]) { 7 8 $username = $_SESSION[‘username‘]; 9 if(!preg_match(‘/^\d{11}$/‘, $_POST[‘phone‘])) 10 die(‘Invalid phone‘); 11 12 if(!preg_match(‘/^[_a-zA-Z0-9]{1,10}@[_a-zA-Z0-9]{1,10}\.[_a-zA-Z0-9]{1,10}$/‘, $_POST[‘email‘])) 13 die(‘Invalid email‘); 14 15 if(preg_match(‘/[^a-zA-Z0-9_]/‘, $_POST[‘nickname‘]) || strlen($_POST[‘nickname‘]) > 10) 16 die(‘Invalid nickname‘); 17 18 $file = $_FILES[‘photo‘]; 19 if($file[‘size‘] < 5 or $file[‘size‘] > 1000000) 20 die(‘Photo size error‘); 21 22 move_uploaded_file($file[‘tmp_name‘], ‘upload/‘ . md5($file[‘name‘])); 23 $profile[‘phone‘] = $_POST[‘phone‘]; 24 $profile[‘email‘] = $_POST[‘email‘]; 25 $profile[‘nickname‘] = $_POST[‘nickname‘]; 26 $profile[‘photo‘] = ‘upload/‘ . md5($file[‘name‘]); 27 28 $user->update_profile($username, serialize($profile)); 29 echo ‘Update Profile Success!<a href="http://www.mamicode.com/profile.php">Your Profile</a>‘; 30 } 31 else { 32 ?> 33 <!DOCTYPE html> 34 <html> 35 <head> 36 <title>UPDATE</title> 37 <link href="http://www.mamicode.com/static/bootstrap.min.css"> 38 <script src="http://www.mamicode.com/static/jquery.min.js"></script> 39 <script src="http://www.mamicode.com/static/bootstrap.min.js"></script> 40 </head> 41 <body> 42 <div class="container"> 43 <form action="update.php" method="post" enctype="multipart/form-data" class="well"> 44 <img src="http://www.mamicode.com/static/piapiapia.gif" class="img-memeda "> 45 <h3>Please Update Your Profile</h3> 46 <label>Phone:</label> 47 <input type="text"class="span3"/> 48 <label>Email:</label> 49 <input type="text"class="span3"/> 50 <label>Nickname:</label> 51 <input type="text" class="span3"> 52 <label for="file">Photo:</label> 53 <input type="file"class="span3"/> 54 <button type="submit" class="btn btn-primary">UPDATE</button> 55 </form> 56 </div> 57 </body> 58 </html> 59 <?php 60 } 61 ?>

profile.php

<?php require_once(‘class.php‘); if($_SESSION[‘username‘] == null) { die(‘Login First‘); } $username = $_SESSION[‘username‘]; $profile=$user->show_profile($username); if($profile == null) { header(‘Location: update.php‘); } else { $profile = unserialize($profile); $phone = $profile[‘phone‘]; $email = $profile[‘email‘]; $nickname = $profile[‘nickname‘]; $photo = base64_encode(file_get_contents($profile[‘photo‘])); ?> <!DOCTYPE html> <html> <head> <title>Profile</title> <link href="http://www.mamicode.com/static/bootstrap.min.css"> <script src="http://www.mamicode.com/static/jquery.min.js"></script> <script src="http://www.mamicode.com/static/bootstrap.min.js"></script> </head> <body> <div class="container"> <img src="data:image/gif;base64,<?php echo $photo; ?>" class="img-memeda "> <h3>Hi <?php echo $nickname;?></h3> <label>Phone: <?php echo $phone;?></label> <label>Email: <?php echo $email;?></label> </div> </body> </html> <?php } ?>

class.php

相关文章