Add files via upload

2018-11-27 16:32:50 +03:00 · 2018-11-27 16:32:50 +03:00 · 424ee79fa0
commit 424ee79fa0
parent f9e1e991d1
11 changed files with 195 additions and 0 deletions
--- a/FileInclusion/answers.txt
+++ b/FileInclusion/answers.txt
@ -0,0 +1,22 @@
+lvl1:
+	Local; 
+		hint1: {=.\hint1.php}   
+		hint2: {=.\dont open\hint2\hint2.php}
+		hint3: {=..\hint3\hint3.txt}
+
+lvl2:
+	Local;
+		hint1: {=.\hint1.php}   
+		hint2: {=.\dont open\hint2\hint2.php}
+		hint3: {=C:/xampp/htdocs/FileInclusion/hint3/hint3.txt}
+
+
+	remote;
+		{htTpS://www.google.com} {htTp://www.google.com} 
+		
+
+lvl3:
+	Local; X  
+		
+	Remote;	X
+		
--- a/FileInclusion/hint3/hint3.txt
+++ b/FileInclusion/hint3/hint3.txt
@ -0,0 +1,7 @@
+<html>
+<body>
+	<p>
+	<div align="center"><b><h3><i> “ You Shall Not Pass!!! ”</i></h3></b></div> 
+	<div align="center"><b><h4> You found one!!</h4></b></div> 
+</body>
+</html>
--- a/FileInclusion/info.php
+++ b/FileInclusion/info.php
@ -0,0 +1,3 @@
+<?php
+phpinfo();
+?>
--- a/FileInclusion/pages/1.php
+++ b/FileInclusion/pages/1.php
@ -0,0 +1,6 @@
+<html>
+<body>
+	<p>
+	<div align="center"><b><h3> Why Dont You Click the Other Button??</h3></b></div> 
+</body>
+</html>
--- a/FileInclusion/pages/2.php
+++ b/FileInclusion/pages/2.php
@ -0,0 +1,7 @@
+<html>
+<body>
+	<p>
+	<div align="center"><b><h3> Did you notice anything changed? Browse the site.</h3></b></div> 
+	<!-- "There are 3 hints under the File Inclusion folder. Try to find them all in different difficulty levels. " <!-->
+</body>
+</html>
--- a/FileInclusion/pages/dont
+++ b/FileInclusion/pages/dont
@ -0,0 +1,7 @@
+s<html>
+<body>
+	<p>
+	<div align="center"><b><h3><i> “ A day may come when the courage of men fails… but it is not this day. ”</i></h3></b></div>
+	<div align="center"><b><h4> You found one!!</h4></b></div>  
+</body>
+</html>
--- a/FileInclusion/pages/hint1.php
+++ b/FileInclusion/pages/hint1.php
@ -0,0 +1,7 @@
+<html>
+<body>
+	<p>
+	<div align="center"><b><h3><i> “ Even the smallest person can change the course of the future. ”</i></h3></b></div>
+	<div align="center"><b><h4> You found one!!</h4></b></div>   
+</body>
+</html>
--- a/FileInclusion/pages/lvl1.php
+++ b/FileInclusion/pages/lvl1.php
@ -0,0 +1,26 @@
+<html>
+   
+   <head>
+      <meta charset="utf-8">
+      <title> Level 1 </title>
+   </head>
+
+   <body>
+      <div align="center"><b><h3>This is Level 1</h3></b></div>
+
+      <div align="center">
+      <a href=lvl1.php?file=1.php><button>Show 1</button></a>
+      <a href=lvl1.php?file=2.php><button>Show 2</button></a>
+      </div>
+      <?php
+         
+        echo "</br></br>";
+        
+        if (isset( $_GET[ 'file' ]))        
+         
+         include($_GET['file']);       
+      ?>
+   
+   </body>
+</html>
+
--- a/FileInclusion/pages/lvl2.php
+++ b/FileInclusion/pages/lvl2.php
@ -0,0 +1,37 @@
+<html>
+   
+   <head>
+      <meta charset="utf-8">
+      <title> Level 2 </title>
+   </head>
+
+   <body>
+      <div align="center"><b><h3>This is Level 2</h3></b></div>
+		
+	  <div align="center">
+      <a href=lvl2.php?file=1.php><button>Show 1</button></a>
+      <a href=lvl2.php?file=2.php><button>Show 2</button></a>
+	  </div>
+      <?php
+         
+        echo "</br></br>";
+
+        if (isset( $_GET[ 'file' ])) 
+        {
+          $secure2 = $_GET[ 'file' ];
+         
+          $secure2 = str_replace( array( "..\\" , ".\\"),"", $secure2 );
+          
+          $secure2 = str_replace( array( "http://" , "https://" ),"", $secure2 );
+            
+            if (isset($secure2)) 
+            {        
+              include($secure2);
+              
+            }
+        }
+                
+      ?>
+   </body>
+</html>
+
--- a/FileInclusion/pages/lvl3.php
+++ b/FileInclusion/pages/lvl3.php
@ -0,0 +1,38 @@
+<html>
+   
+   <head>
+      <meta charset="utf-8">
+      <title> Level 3 </title>
+   </head>
+
+   <body>
+       <div align="center"><b><h3>This is Level 3</h3></b></div>
+		
+	   <div align="center">
+      <a href=lvl3.php?file=1.php><button>Show 1</button></a>
+      <a href=lvl3.php?file=2.php><button>Show 2</button></a>
+	  </div>
+      <?php
+         
+        echo "</br></br>";
+
+        if (isset( $_GET[ 'file' ])) 
+        {
+          $secure3 = $_GET[ 'file' ];
+
+          $secure3 = strtolower($secure3); #There is no uppercase in the FileInclusion folder.
+          
+		  $secure3 = str_replace( array(  "..",  "\\" , "..\\" , ":", "/", "%" ), "", $secure3 );
+          $secure3 = str_replace( array( "http://" , "https://" ),"", $secure3 );  
+            
+            if (isset($secure3)) 
+            {        
+              include($secure3);
+              
+            }
+        }
+                
+      ?>
+   </body>
+</html>
+
--- a/FileInclusion/pages/main.php
+++ b/FileInclusion/pages/main.php
@ -0,0 +1,35 @@
+<html>
+   
+   <head>
+      <meta charset="utf-8">
+      <title> File Inclusion </title>
+   </head>
+
+   <body>
+     <div align="center"><b><h1><i>Welcome to File Inclusion Page</i></h1></br></div>
+     
+           
+      <div align="center"><b><h3>Select Difficulty</h3></b></div>
+      
+      <div align="center">
+      <a href=main.php?page=lvl1.php><button>Level 1</button></a>
+      <a href=main.php?page=lvl2.php><button>Level 2</button></a>
+      <a href=main.php?page=lvl3.php><button>Level 3</button></a>
+      </div>
+     
+      
+      <?php
+         
+        echo "</br></br>";
+
+
+         if (isset($_GET['page']) )
+          { 
+            $secure = $_GET['page'];
+            include($secure); 
+            exit();
+          }                                 
+      ?>
+   </body>
+</html>
+