代码审计
<?phperror_reporting(0);highlight_file(__FILE__);$url=$_POST['url'];$x=parse_url($url);if($x['scheme']==='http'||$x['scheme']==='https'){$host=$x['host'];if((strlen($host)<=3))//继续对ip/域名长度限制{$ch=curl_init($url);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$result=curl_exec($ch);curl_close($ch);echo ($result);}else{die('hacker');}}else{die('hacker');}?>
还是上一题的用特殊方法进行绕过
#POST方法 url=http://0/flag.php
若有收获,就点个赞吧
0 人点赞
