Updates php/challenge-57.md

Auto commit by GitBook Editor

Author: CHYbeta

SUMMARY.md

@@ -60,6 +60,7 @@
 * [Challenge 54](php/challenge-54.md)
 * [Challenge 55](php/challenge-55.md)
 * [Challenge 56](php/challenge-56.md)
+* [Challenge 57](php/challenge-57.md)
 
 ## PYTHON
 

php/challenge-57.md

@@ -0,0 +1,47 @@
+# Challenge
+```php 
+<?php
+/*//设置open_basedir
+ini_set("open_basedir", "/home/shawn/www/index/");
+ */
+
+if (isset($_GET['file'])) {
+	$file = trim($_GET['file']);
+} else {
+	$file = "main.html";
+}
+
+// disallow ip
+if (preg_match('/^(http:\/\/)+([^\/]+)/i', $file, $domain)) {
+	$domain = $domain[2];
+	if (stripos($domain, ".") !== false) {
+		die("Hacker");
+	}
+}
+
+if( @file_get_contents($file)!=''){
+echo file_get_contents($file);
+
+}else{
+
+$str=<<<EOF
+<html>
+<head><title>403 Forbidden</title></head>
+<body bgcolor="white">
+<center><h1>403 Forbidden</h1></center>
+<hr><center>nginx/1.13.5</center>
+</body>
+</html>
+<!-- a padding to disable MSIE and Chrome friendly error page -->
+<!-- a padding to disable MSIE and Chrome friendly error page -->
+<!-- a padding to disable MSIE and Chrome friendly error page -->
+<!-- a padding to disable MSIE and Chrome friendly error page -->
+<!-- a padding to disable MSIE and Chrome friendly error page -->
+<!-- a padding to disable MSIE and Chrome friendly error page -->
+EOF;
+echo $str;
+}
+```
+
+# Refference 
++ 2017 XDCTF web3