Defcon 2018 Qualify: Easy Pisy writeup

Defcon 2018 Qualify: Easy Pisy

1. Source Code

题目给了俩PHP：

• execute.php

include 'common.php';

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
   
  print highlight_string(file_get_contents("execute.php"), TRUE);
  exit(0);
}

$keys = get_keys();
$privkey = $keys[0];
$pubkey = $keys[1];

$file_info = $_FILES['userfile'];
check_uploaded_file($file_info);

$data = file_get_contents($file_info['tmp_name']);
$signature = hex2bin($_POST['signature']);
if (openssl_verify($data, $signature, $pubkey)) {
   
  print 'Signature is OK.
';
} else {
   
  die('Bad signature.');
}

$text = pdf_to_text($file_info['tmp_name']);
print "Text: \"$text\"
";

$execute_query = "EXECUTE ";
$echo_query = "ECHO