made sure you couldnt get php payloads to work via csv files

root 2025-01-25 10:33:26 +01:00
parent 91af49035e
commit e76297de64
4 changed files with 67 additions and 111 deletions


@ -11,6 +11,16 @@ if (($handle = fopen($csvfile, "r")) !== FALSE) {
$oldcatname="";
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$data[0]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[0]);
// PREVENT ALL MALICIOUS PHP PAYLOADS FROM BEING EXECUTED FROM CSV FILES!
$data[1]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[1]);
$data[2]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[2]);
$data[3]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[3]);
$data[4]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[4]);
$data[5]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[5]);
$data[6]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[6]);
$data[7]=preg_replace("/[^a-zA-Z0-9:\/.\ -✔️❌]/", "", $data[7]);
$num = count($data);
//echo "<p>" . $data[1] . "</p>";
//echo "<p> $num fields in line $row: <br /></p>\n";
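Review bot: The character class in these `preg_replace` calls filters far less than the comment above them claims: in `\ -✔` the hyphen sits between the space and the first byte of ✔, so it forms a range that keeps every printable ASCII character, including `<`, `?`, `>`, `$` and quotes. Put the hyphen last, add the `u` modifier so the emoji are matched as code points, and replace the eight copies with one loop so rows with fewer than eight fields are not padded before `count($data)`: `foreach ($data as $i => $field) { $data[$i] = preg_replace('/[^a-zA-Z0-9:\/. ✔️❌-]/u', '', (string) $field); }`. With `u`, `preg_replace` returns null on invalid UTF-8, so that result needs a check before the field is used. Stripping characters is also not what keeps CSV content from being interpreted as code or markup; that depends on how the fields are used later in the loop, which continues outside the hunk. If they are echoed into HTML, as the commented-out `echo` lines suggest, `htmlspecialchars()` at output is the control to rely on.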