lolcat
/
4get
6
14
Fork 5
Code Issues 25 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

path traversal exploit (this is what you get for using free software)

This commit is contained in:
lolcat 2025-03-02 21:58:18 -05:00
parent 36b0c570aa
commit b2203804c7
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
favicon.php
View File

@ -15,7 +15,12 @@ class favicon{
header("Content-Type: image/png"); header("Content-Type: image/png");
if(substr_count($url, "/") !== 2){ if(
preg_match(
'/^https?:\/\/[A-Za-z0-9.-]+$/',
$url
) === 0
){
header("X-Error: Only provide the protocol and domain"); header("X-Error: Only provide the protocol and domain");
$this->defaulticon(); $this->defaulticon();