Paul
/
Security-VM
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added all image site exercises

Browse Source
Paul Wagener 11 years ago
parent 866f5328a9
commit 776c40a14d
9 changed files with 117 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. BIN
      image/bobross.jpg
  2. 4
      image/image.php
  3. 10
      image/image_check_prefix.php
  4. 8
      image/image_remove_traversal.php
  5. 50
      image/index_more_pages.php
  6. 42
      image/index_no_public_uploads.php
  7. 1
      image/login.php
  8. 1
      image/register.php
  9. 4
      index.php

BIN
image/bobross.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 429 KiB

4
image/image.php
Unescape View File

@ -1,7 +1,5 @@
<?php <?php
header('Content-Type: image/jpeg'); echo file_get_contents('../../' . $_GET['file']);
echo file_get_contents($_GET['file']);
?> ?>

10
image/image_check_prefix.php
Unescape View File

@ -0,0 +1,10 @@
<?php
// Controleer of de string begint met 'uploads'
if(substr($_GET['file'], 0, 7) == 'uploads') {
echo file_get_contents('../../' . $_GET['file']);
} else {
echo "Bestand moet in uploads map staan!";
}
?>

8
image/image_remove_traversal.php
Unescape View File

@ -0,0 +1,8 @@
<?php
// Remove '../' from the URL
$file = str_replace('../', '', $_GET['file']);
echo file_get_contents('../../'.$file);
?>

50
image/index_more_pages.php
Unescape View File

@ -0,0 +1,50 @@
<?php
if($_FILES) {
move_uploaded_file($_FILES["file"]["tmp_name"], "../../uploads/" . $_FILES["file"]["name"]);
}
?><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>imgr: the simple image sharer</title>
<link rel="stylesheet" href="/themes/css/bootstrap.min.css" media="screen"/>
<link rel="stylesheet" href="/themes/css/imgr.css" media="screen"/>
<!-- De code in dit bestand is met opzet slecht en zeer onveilig opgezet.
GEBRUIK DEZE CODE NIET als referentiemateriaal voor je eigen PHP projecten! -->
</head>
<body class="row-fluid">
<div id="site-header">
<img src="/themes/images/imgr.png" class="offset1">
<a href="index_more_pages.php?include=login.php">Inloggen</a>
<a href="index_more_pages.php?include=register.php">Registreren</a>
</div>
<div class="panel span6 offset1 images">
<?php
if(isset($_GET['include'])) {
if(substr($_GET['include'], -4) == '.php') {
include($_GET['include']);
} else {
echo 'Dit is geen PHP bestand';
}
} else {
echo "<p>Wegens een security probleem in onze site kun je tijdelijk geen afbeeldingen bekijken.</p>";
}
?>
</div>
<div class="panel span4">
<form enctype="multipart/form-data" method="POST">
<input type="file" name="file">
<button type="submit">Upload afbeelding</button>
</form>
</div>
</body>
</html>

42
image/index_no_public_uploads.php
Unescape View File

@ -0,0 +1,42 @@
<?php
if($_FILES) {
move_uploaded_file($_FILES["file"]["tmp_name"], "../../uploads/" . $_FILES["file"]["name"]);
}
?><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>imgr: the simple image sharer</title>
<link rel="stylesheet" href="/themes/css/bootstrap.min.css" media="screen"/>
<link rel="stylesheet" href="/themes/css/imgr.css" media="screen"/>
<!-- De code in dit bestand is met opzet slecht en zeer onveilig opgezet.
GEBRUIK DEZE CODE NIET als referentiemateriaal voor je eigen PHP projecten! -->
</head>
<body class="row-fluid">
<div id="site-header">
<img src="/themes/images/imgr.png" class="offset1">
</div>
<div class="panel span6 offset1 images">
<div class="header">The <em>meest recente</em> plaatjes van vandaag:</div>
<?php
foreach ( glob('../../uploads/*') as $image ) {
$image = 'image.php?file=uploads/' . basename($image);
echo '<a href="'.$image.'"><img src="'.$image.'"></a>';
}
?>
</div>
<div class="panel span4">
<form enctype="multipart/form-data" method="POST">
<input type="file" name="file">
<button type="submit">Upload afbeelding</button>
</form>
</div>
</body>
</html>

1
image/login.php
Unescape View File

@ -0,0 +1 @@
Binnenkort kunt u hier inloggen

1
image/register.php
Unescape View File

@ -0,0 +1 @@
Binnenkort kunt u hier registreren

4
index.php
Unescape View File

@ -11,5 +11,9 @@ De virtuele machine werkt! Lees de opgave om te beginnen met hacken.
<a href="/nieuws/users.php">Nieuws (users)</a><br> <a href="/nieuws/users.php">Nieuws (users)</a><br>
<a href="/nieuws/login.php">Nieuws (login)</a> <a href="/nieuws/login.php">Nieuws (login)</a>
<h2><a href="/image/">Image</a></h2>
<a href="/image/index_no_public_uploads.php">Image 2</a><br>
<a href="/image/index_more_pages.php">Image 3</a>
<hr> <hr>
<footer>Laatste update: <?php echo `git log -1 --format="%cd"`; ?></footer> <footer>Laatste update: <?php echo `git log -1 --format="%cd"`; ?></footer>
Write Preview
Loading…
Cancel
Save