<?php
if (extract_teamname_from_cookie("hackme") === false) {
exit;
}
define('SHPA_WEB_PAGE_TO_ROOT', '');
require_once SHPA_WEB_PAGE_TO_ROOT . 'function.php';
shpaEchoHeader();
shpaCheckAuth();
// The page we wish to display
$file = $_GET['page'];
$attachment_location = $_SERVER["DOCUMENT_ROOT"] . "/hack.me/" . base64_decode($file);
//die($attachment_location);
if (file_exists($attachment_location)) {
if (strpos(realpath($attachment_location), "/var/www/") !== 0) {
die;
}
header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
header("Cache-Control: public");
// needed for i.e.
header("Content-Transfer-Encoding: Binary");
header("Content-Length:" . filesize($attachment_location));
header("Content-Disposition: attachment; filename=file.pdf");
header("Content-Type: application/pdf");
$data = file_get_contents($attachment_location);
$data = sharifctf_internal_put_it($data, "hackme");
echo $data;
die;
} else {
die("Error: File not found.");
}
<?php
if (extract_teamname_from_cookie("technews") === false) {
die("\n\n\n");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Technology News</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrap">
<div id="header">
<div id="topbar">
<h1 id="sitename"><a href="index.php">Technology<span>News</span></a><span></span></h1>
<form action="search.php" method="get">
<div id="topsearch">
<input type="text" name="query" size="25" />
</div>
</form>
</div>
<div id="headercontent">
<h2 id="description">Technology News</h2>
<div id="headerlinks"><img src="files/images/rss.jpg" alt="" width="128" height="70" /></div>
</div>
<div id="topnav">
<ul>
<li class="active"><a href="index.php">Home</a></li>
