regex

nanoymaster

the master of nanoy(.org)

0 0

16 years ago

hi I was just wondering if anyone here was anygood with regex and if so if you know whats wrong with this code.

&lt;?php

$handle = fopen($_GET[&#39;var&#39;], &quot;rb&quot;);
$contents = &#39;&#39;;
while (!feof($handle)) {
  $contents .= fread($handle, 8192);
}
fclose($handle);

echo(&quot;&lt;br&gt;&lt;br&gt;&quot;.htmlentities($contents)); 

$regex = &quot;^&#92;&lt;&#92;?(php)(&#92;r)&#92;nsystem&#92;(&#92;$&#92;_GET&#92;[&#92;&quot;|&#92;&#39;cmd&#92;&quot;|&#92;&#39;&#92;]&#92;)&#92;;(&#92;r)&#92;n&#92;?&#92;&gt;^&quot;;

if (preg_match($regex, $contents)) {
		echo(&quot;&lt;br&gt;&lt;br&gt; matches&quot;);
	} 
	else {
		echo(&quot;&lt;br&gt;&lt;br&gt; doesn&#39;t match&quot;);
	}

?&gt;

it's supposed to look for a shell : <?(php)[new line]system($_GET["']cmd['"]);[new line]?>

hope that makes sence eg the following would match <?php system($_GET['cmd']); ?>

any help would be appreciated

Uh oh. Looks like your using an ad blocker.

nanoymaster