代码审计:
// Challenge entry point: remove every regular file in the working directory
// except this script, then require both `content` and `filename` query
// parameters before going any further.
$entries = scandir('./');
foreach ($entries as $entry) {
    // Only regular files are removed; directories and index.php are skipped.
    if (!is_file($entry) || $entry === "index.php") {
        continue;
    }
    unlink($entry); // return value is not checked, as in the original
}

// Both query parameters must be present; otherwise show this file's source and stop.
if (!isset($_GET['content'], $_GET['filename'])) {
    highlight_file(__FILE__);
    die();
}

$content = $_GET['content'];

// Case-insensitive substring blocklist applied to the submitted content.
// A blocklist like this only rejects the listed fragments and says nothing
// about what the content is otherwise permitted to contain; an allowlist of
// accepted characters or values is the sturdier control for untrusted input.
$blockedFragments = ['on', 'html', 'type', 'flag', 'upload', 'file'];
foreach ($blockedFragments as $fragment) {
    if (stristr($content, $fragment)) {
        echo "Hacker";
        die();
    }
}
$filename = $_GET['filename'];
if(preg_match("/[^a-z\.]/", $filename)