swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Vulny-Code-Static-Analysis/vulns/assert.php

14 lines
341 B
PHP
Raw Permalink Normal View History

FEATURE: XPATH,LDAP,Assert, PGSQLi detection added
2017-05-29 20:02:00 +00:00
<?php
if (isset($_GET['page'])) {
$page = $_GET['page'];
} else {
$page = "home";
}
// I heard '..' is dangerous!
assert("strpos('templates/'" . $page . "'.php', '..') === false") or die("Detected hacking attempt!");
// TODO: Make this look nice
assert("file_exists('templates/'". $page . "'.php')") or die("That file doesn't exist!");
?>