首先附上网站源码http://123.206.31.85:49166/
index.php
<!-- upload.php -->
<?php
// index.php of the challenge: includes the file named by the "file" query
// parameter once it has passed a denylist check. The code below is kept
// exactly as published; only these comments are added.

// No "file" parameter: redirect to the default page and stop.
if(!isset($_GET['file']))
{
header('Location: ./index.php?file=hello.php');
exit();
}
// Request-controlled value. "@" only silences error output for this
// expression; it performs no validation.
@$file = $_GET["file"];
// Redundant in practice: the branch above has already exited when the
// parameter was absent.
if(isset($file))
{
// Denylist: reject values containing "php://", "http", "data", "ftp", "input"
// or the literal text "%00" (case-insensitive), any "..", or a length of
// 70 bytes or more.
// NOTE(review): a denylist cannot make include() on request data safe. Any
// scheme or local path not named in the pattern still reaches include(),
// and whatever PHP code that file contains is executed by the server. The
// robust fix is to map the parameter onto a fixed allow-list of page names
// and never pass request data to include().
if (preg_match('/php:\/\/|http|data|ftp|input|%00/i', $file) || strstr($file,"..") !== FALSE || strlen($file)>=70)
{
echo "<h1>NAIVE!!!</h1>";
}
else
{
// Sink: the included file is parsed and executed as PHP, not just displayed.
include($file);
}
}
?>
upload.php
<html>
<head>
<meta charset="utf-8&