I have found a site that I want to hack. The code of the page is this:
<?php
// Javascript
header("Content-Type: text/javascript");
$files = explode("&", $_SERVER['QUERY_STRING']);
$files_total = sizeof($files);
for ($i = 0; $i < $files_total; $i++) {
// Prevent URLS
if (preg_match('/\//', $files[$i])) {
continue;
}
// Check if file exists
if (file_exists($files[$i])) {
readfile($files[$i]);
print ";\n";
}
}
?>
I can view the code of the current page but not anything else because in this directory there is only this file and .js file
doe anyone know how I can exploit this?
<?php
// Javascript
header("Content-Type: text/javascript");
$files = explode("&", $_SERVER['QUERY_STRING']);
$files_total = sizeof($files);
for ($i = 0; $i < $files_total; $i++) {
// Prevent URLS
if (preg_match('/\//', $files[$i])) {
continue;
}
// Check if file exists
if (file_exists($files[$i])) {
readfile($files[$i]);
print ";\n";
}
}
?>
I can view the code of the current page but not anything else because in this directory there is only this file and .js file
doe anyone know how I can exploit this?