<?php
/* PpSession class */
class PpSession {
    protected $timeout; // session timeout duration
    // session existence check
}
<?php
/* Define class SomeClass */
class SomeClass {
    // Container (property) that holds private values
    private $values = array();
    // Accessor (method) for the private container (property): getter
}
<?php
/**
 * Removes null bytes from a string.
 * If the argument is an array, each element is processed recursively.
 */
function delete_null_byte($value) {
    if (is_string($value) === true) {
        $value = str_replace("\0", "", $value);
    } elseif (is_array($value) === true) {
        $value = array_map('delete_null_byte', $value);
    }
    return $value;
}
<?php
/**
 * This program is a vulnerability sample.
 * Do not deploy it on a public server.
 */
if (isset($_GET['file']) === true && $_GET['file'] !== '') {
    // If the file named by the GET parameter exists under /var/www/html, output its contents.
    // $_GET['file'] is concatenated unchanged, so "../" sequences escape /var/www/html (directory traversal).
    $file = '/var/www/html/' . $_GET['file'];
    if (file_exists($file) === true) {
        readfile($file);
    }
}
<?php
if (isset($_GET['file']) === true && $_GET['file'] !== '') {
    // Stop unless the requested file is file1 or file2 (allow list)
    if (! in_array($_GET['file'], array('file1', 'file2'))) {
        exit();
    }
    // If the file named by the GET parameter exists under /var/www/html, output its contents
    $file = '/var/www/html/' . $_GET['file'];
    if (file_exists($file) === true) {
        readfile($file);
    }
}
<?php
if (isset($_GET['file']) === true && $_GET['file'] !== '') {
    // Stop if the requested file name contains ".."
    if (strpos($_GET['file'], '..') !== false) {
        exit();
    }
    // If the file named by the GET parameter exists under /var/www/html, output its contents
    $file = '/var/www/html/' . $_GET['file'];
    if (file_exists($file) === true) {
        readfile($file);
    }
}
<?php
if (isset($_GET['file']) === true && $_GET['file'] !== '') {
    $file = str_replace("\0", "", $_GET['file']); // remove null bytes
    $file = '/var/www/html/' . basename($file);    // drop everything except the file name itself
    // If the file named by the GET parameter exists under /var/www/html, output its contents
    if (file_exists($file) === true) {
        readfile($file);
    }
}
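As an added example that is not part of the original gist, the script below runs the ".." filter from the earlier snippet and the null-byte-plus-basename approach side by side against constructed traversal inputs, and extends the latter with a realpath containment check so that a symlink planted inside the web root cannot lead outside it. It works in a temporary directory instead of /var/www/html; the function names, the fixture files and the planted symlink are assumptions made for this example.

```php
<?php
// Added example (not from the original gist). Compares two of the defenses
// shown above against constructed inputs in a temporary base directory.

// Returns the absolute path to serve, or null if the request must be refused.
// Strip null bytes, keep only the file name, then verify that the canonicalised
// result (realpath resolves "..", "." and symlinks) still lies inside $base.
function resolve_served_file($base, $requested)
{
    if (!is_string($requested) || $requested === '') {
        return null;
    }
    $name = basename(str_replace("\0", "", $requested));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    $baseReal  = realpath($base);
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($baseReal === false || $candidate === false) {
        return null;
    }
    // Separator appended so that e.g. "/srv/html-private" is not accepted as inside "/srv/html".
    if (strpos($candidate, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

// The weaker filter from the gist, reproduced for comparison: reject ".." and serve.
function resolve_dotdot_filter($base, $requested)
{
    if (strpos($requested, '..') !== false) {
        return null;
    }
    $file = $base . '/' . $requested;
    try {
        $exists = @file_exists($file); // PHP versions differ on NUL-byte paths (warning, false, or ValueError)
    } catch (\Throwable $e) {
        $exists = false;
    }
    return $exists ? $file : null;
}

// Constructed fixture: a web root with one public file, a sibling "secret" outside it,
// and a hypothetical symlink inside the web root pointing at the secret.
$base = sys_get_temp_dir() . '/trav_demo_' . getmypid();
mkdir($base . '/html', 0700, true);
file_put_contents($base . '/html/file1', "public\n");
file_put_contents($base . '/secret.txt', "private\n");
symlink($base . '/secret.txt', $base . '/html/link');

$inputs = array(
    'file1',          // legitimate request
    '../secret.txt',  // classic traversal
    "file1\0.jpg",    // null byte: PHP 5.3.4+ rejects such paths, but it is stripped up front anyway
    'link',           // symlink that leaves the web root
    'sub/../file1',   // contains "..", yet basename() reduces it to a legal name
);
foreach ($inputs as $in) {
    printf("%-16s dotdot-filter: %-8s realpath-check: %s\n",
        str_replace("\0", '\0', $in),
        resolve_dotdot_filter($base . '/html', $in) === null ? 'refused' : 'served',
        resolve_served_file($base . '/html', $in) === null ? 'refused' : 'served');
}

// Clean up the fixture.
unlink($base . '/html/link');
unlink($base . '/html/file1');
unlink($base . '/secret.txt');
rmdir($base . '/html');
rmdir($base);
```

The two columns differ on exactly the cases that matter: the ".." filter serves the planted symlink because file_exists() follows it, and refuses "sub/../file1" although it names a legitimate file, while the basename-plus-realpath check does the opposite. Only the combination of an allow list (as in the file1/file2 snippet) or a containment check on the canonical path gives a boundary that does not depend on spotting every dangerous substring.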
<?php
/**
 * This program is a vulnerability sample.
 * Do not deploy it on a public server.
 */
$string = 'こたんたにたちたわた、世界!';
// $_GET['keyword'] is spliced into PHP source code between single quotes, so a quote in it
// ends the string literal and whatever follows is executed by eval() as code.
eval("echo htmlspecialchars(str_replace('" . $_GET['keyword'] .
     "','', '" . $string . "'), ENT_QUOTES, 'UTF-8');");
<?php
$string = 'こたんたにたちたわた、世界!';
// Only proceed if the input string is contained in $string
if (strpos($string, $_GET['keyword']) !== false) {
    eval("echo htmlspecialchars(str_replace('" . $_GET['keyword'] .
         "','', '" . $string . "'), ENT_QUOTES, 'UTF-8');");
}
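As an added example, not part of the original gist, the script below produces the same output as the two eval() snippets above without calling eval() at all, so the keyword stays data rather than becoming part of the program text. A second helper only builds the string the eval() versions would hand to the interpreter, without executing it, to show where the single-quoted literal ends when the keyword contains a quote. The function names and the sample keywords are constructed for this example.

```php
<?php
// Added example (not from the original gist): keyword removal without eval().

// Remove every occurrence of $keyword from $string and HTML-escape the result.
// Because str_replace() receives the keyword as an ordinary argument, no
// character in it can change what code runs.
function remove_keyword($string, $keyword)
{
    if (!is_string($keyword) || $keyword === '') {
        return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
    }
    return htmlspecialchars(str_replace($keyword, '', $string), ENT_QUOTES, 'UTF-8');
}

// Build (but do not run) the PHP source that the eval() snippets above generate,
// so the effect of splicing the keyword into a single-quoted literal is visible.
function build_eval_source($string, $keyword)
{
    return "echo htmlspecialchars(str_replace('" . $keyword .
           "','', '" . $string . "'), ENT_QUOTES, 'UTF-8');";
}

$string = 'こたんたにたちたわた、世界!';

$keywords = array(
    'た',       // intended use: stripping the inserted "ta" syllables leaves a greeting
    "world'",   // constructed value containing a single quote
);
foreach ($keywords as $keyword) {
    echo "keyword     : ", $keyword, "\n";
    echo "without eval: ", remove_keyword($string, $keyword), "\n";
    echo "eval source : ", build_eval_source($string, $keyword), "\n\n";
}
```

With the quote-bearing keyword, remove_keyword() simply finds no match and returns the escaped original, whereas the generated eval source shows the literal closing early, which is the whole reason eval() on request data cannot be made safe by filtering alone. The strpos() guard in the last gist snippet narrows the accepted keywords to substrings of $string, but dropping eval() removes the problem rather than constraining it.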