Try to RCE it!
A very strange bypass problem, but if u r good enough (unlike me), you sure can bypass it :)
easy peasy!
The WAF code is here:
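<?php
highlight_file(__FILE__);
// The raw parameter is echoed back unescaped.
echo $_GET['code'];
if (isset($_GET['code'])) {
    $code = $_GET['code'];
    // Check 1: reject input longer than 70 bytes or matching the blacklist pattern.
    if (strlen($code) > 70 or preg_match('/[A-Za-z0-9]|\'|"|`|\ |,|\.|-|\+|=|\/|\\|<|>|\$|\?|\^|&|\|/ixm', $code)) {
        die('<script>alert(\'Failed\');</script>');
    }
    // Check 2: after recursively stripping nested, argument-less calls such as
    // a(b(c())), only ";" may remain.
    else if (';' === preg_replace('/[^\s\(\)]+?\((?R)?\)/', '', $code)) {
        eval($code);
        die();
    }
}
?>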
Can U Bypass it?
Happy Trying :)