blob: 2c283409d8cde7eb61badf825760e3b0a1d15b07 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
--TEST--
Testing include file from $_FILES (but change name a bit)
--SKIPIF--
<?php include "../skipifcli.inc"; ?>
--INI--
suhosin.log.syslog=0
suhosin.log.sapi=0
suhosin.log.script=0
suhosin.log.stdout=255
suhosin.executor.include.whitelist=
suhosin.executor.include.blacklist=
--POST_RAW--
Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
-----------------------------20896060251896012921717172737
Content-Disposition: form-data; name="f1"; filename="filename2"
<?php echo "NO_GOOD/n";
-----------------------------20896060251896012921717172737--
--FILE--
<?php
include "/../../../" . $_FILES['f1']['tmp_name'];
?>
--EXPECTF--
ALERT - Include filename is an uploaded file (attacker 'REMOTE_ADDR not set', file '%s', line 2)
|
