bambi7-service-catchbox

Simple Web-based file storage A/D service for BambiCTF7 in 2022
git clone https://git.sinitax.com/sinitax/bambi7-service-catchbox

patch.diff (1303B)


      1diff --git a/service/nginx.conf b/service/nginx.conf
      2index 0233eae..54ec102 100644
      3--- a/service/nginx.conf
      4+++ b/service/nginx.conf
      5@@ -26,7 +26,7 @@ http {
      6 		}
      7 
      8 		location /uploads {
      9-			alias /service/files/;
     10+			alias /service/files;
     11 		}
     12 
     13 		location /reports {
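Review bot: Dropping the trailing slash from the alias closes the `/uploads../` prefix mismatch, but `location /uploads` is still a prefix match without a trailing slash, so a request like `/uploadsX` is now mapped to `/service/filesX` instead of being rejected. The conventional form gives both sides a trailing slash, `location /uploads/ { alias /service/files/; }`, which keeps every match confined to the files directory and avoids the off-by-slash class of mapping altogether. The enclosing server block starts and ends outside the hunk.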
     14diff --git a/service/www/index.php b/service/www/index.php
     15index 33726c9..be4d3f3 100644
     16--- a/service/www/index.php
     17+++ b/service/www/index.php
     18@@ -105,7 +105,7 @@ function serv_post() {
     19 			. "VALUES (:user, :pass, :creat, :auth)");
     20 		$q->bindValue(":user", $_POST["username"], SQLITE3_TEXT);
     21 		$q->bindValue(":pass", $_POST["password"], SQLITE3_TEXT);
     22-		$q->bindValue(":creat", time(), SQLITE3_INTEGER);
     23+		$q->bindValue(":creat", time() * 10000 + random_int(0, 10000), SQLITE3_INTEGER);
     24 		$q->bindValue(":auth", $auth, SQLITE3_TEXT);
     25 		$res = $q->execute();
     26 		if ($res === false) {
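Review bot: `random_int(0, 10000)` is inclusive, so `time() * 10000 + 10000` is the same integer as the next second's `time() * 10000 + 0`, and two accounts can end up with an identical creat value; the upper bound should be `random_int(0, 9999)`. The column now holds a composite value rather than a Unix timestamp, while the files insert later in the same function still binds a bare `time()`, so any code that formats or orders by creat needs to know the encoding — a comment such as `// creat = unix_time * 10000 + per-second nonce, not a plain timestamp` at the bind would make that explicit. If the intent is to make creat hard to guess, 10000 values per second is a narrow range; that may be enough for this service, but it is worth stating. serv_post begins and ends outside the hunk.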
     27@@ -205,7 +205,7 @@ function serv_post() {
     28 		$q = $db->prepare("INSERT INTO files (uid, file, dir, creat) "
     29 			. "VALUES (:uid, :file, :dir, :creat)");
     30 		$q->bindValue(":uid", $uid, SQLITE3_INTEGER);
     31-		$q->bindValue(":file", $_POST["filename"], SQLITE3_TEXT);
     32+		$q->bindValue(":file", $filename, SQLITE3_TEXT);
     33 		$q->bindValue(":dir", $dir, SQLITE3_TEXT);
     34 		$q->bindValue(":creat", time(), SQLITE3_INTEGER);
     35 		$res = $q->execute();
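Review bot: The new bind stores `$filename` in place of the raw `$_POST["filename"]`, but `$filename` is derived outside the hunk, so whatever validation it received cannot be confirmed from here; a one-line comment at the bind naming the invariant it is expected to satisfy (presumably a plain basename with no path separators — to be confirmed against its definition) would make the dependency on that earlier code explicit. Note also that `:creat` here still receives a plain `time()`, whereas the users insert earlier in serv_post now stores `time() * 10000 + random_int(...)`, so the two tables encode creat in different units. serv_post begins and ends outside the hunk.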