Start to build new gallery challenge

unsafe_gallery/Dockerfile

@@ -0,0 +1,4 @@
+FROM php:8.3-apache
+COPY src/ /var/www/html/
+
+ENV FLAG=CHANGEME

unsafe_gallery/README.md

@@ -0,0 +1,8 @@
+# Unsafe gallery challenge
+You need to set the `FLAG` environment variable for this challenge to work!
+
+
+## Run the image
+```bash
+docker run --rm --name unsafe_login --env FLAG='FLAG{UNSAFEGALLERY}' -p 3565:80 -it pierre42100/gns3-appliance-unsafe-gallery
+```

unsafe_gallery/build.sh

@@ -0,0 +1 @@
+sudo docker build -t pierre42100/gns3-appliance-unsafe-gallery .

unsafe_gallery/src/index.php

@@ -0,0 +1,43 @@
+<?php
+
+print_r($_FILES); 
+
+if(isset($_FILES["file"]))
+{
+  TODO
+}
+
+?><!doctype html>
+<html lang="en" data-bs-theme="auto">
+  <head>
+
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Safe gallery</title>
+
+    <link href="/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
+    <link href="/style.css" rel="stylesheet">
+  </head>
+  <body class="d-flex align-items-center py-4 bg-body-tertiary">    
+<main class="form-signin w-100 m-auto">
+  
+
+<div class="alert alert-success">
+<strong>Note</strong> : Une information se cache dans la variable d'environnement <i>FLAG</i>.
+</div>
+
+<h2>Upload file</h2>
+
+<form action="/" method="post" enctype="multipart/form-data">
+  <div>
+    <label for="formFile" class="form-label mt-4">Select image to upload</label>
+    <input class="form-control" type="file" id="formFile" name="file" required />
+  </div>
+  <div style="margin-top: 10px;">
+    <button type="submit" class="btn btn-primary">Perform upload</button>
+  </div>
+</form>
+  
+</main>
+</body>
+</html>

unsafe_gallery/src/style.css

@@ -0,0 +1,102 @@
+html,
+body {
+  height: 100%;
+}
+
+.form-signin {
+  max-width: 530px;
+  padding: 1rem;
+}
+
+.form-signin .form-floating:focus-within {
+  z-index: 2;
+}
+
+.form-signin input[type="email"] {
+  margin-bottom: -1px;
+  border-bottom-right-radius: 0;
+  border-bottom-left-radius: 0;
+}
+
+.form-signin input[type="password"] {
+  margin-bottom: 10px;
+  border-top-left-radius: 0;
+  border-top-right-radius: 0;
+}
+
+.bd-placeholder-img {
+  font-size: 1.125rem;
+  text-anchor: middle;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none;
+}
+
+@media (min-width: 768px) {
+  .bd-placeholder-img-lg {
+    font-size: 3.5rem;
+  }
+}
+
+.b-example-divider {
+  width: 100%;
+  height: 3rem;
+  background-color: rgba(0, 0, 0, .1);
+  border: solid rgba(0, 0, 0, .15);
+  border-width: 1px 0;
+  box-shadow: inset 0 .5em 1.5em rgba(0, 0, 0, .1), inset 0 .125em .5em rgba(0, 0, 0, .15);
+}
+
+.b-example-vr {
+  flex-shrink: 0;
+  width: 1.5rem;
+  height: 100vh;
+}
+
+.bi {
+  vertical-align: -.125em;
+  fill: currentColor;
+}
+
+.nav-scroller {
+  position: relative;
+  z-index: 2;
+  height: 2.75rem;
+  overflow-y: hidden;
+}
+
+.nav-scroller .nav {
+  display: flex;
+  flex-wrap: nowrap;
+  padding-bottom: 1rem;
+  margin-top: -1px;
+  overflow-x: auto;
+  text-align: center;
+  white-space: nowrap;
+  -webkit-overflow-scrolling: touch;
+}
+
+.btn-bd-primary {
+  --bd-violet-bg: #712cf9;
+  --bd-violet-rgb: 112.520718, 44.062154, 249.437846;
+
+  --bs-btn-font-weight: 600;
+  --bs-btn-color: var(--bs-white);
+  --bs-btn-bg: var(--bd-violet-bg);
+  --bs-btn-border-color: var(--bd-violet-bg);
+  --bs-btn-hover-color: var(--bs-white);
+  --bs-btn-hover-bg: #6528e0;
+  --bs-btn-hover-border-color: #6528e0;
+  --bs-btn-focus-shadow-rgb: var(--bd-violet-rgb);
+  --bs-btn-active-color: var(--bs-btn-hover-color);
+  --bs-btn-active-bg: #5a23c8;
+  --bs-btn-active-border-color: #5a23c8;
+}
+
+.bd-mode-toggle {
+  z-index: 1500;
+}
+
+.bd-mode-toggle .dropdown-menu .active .bi {
+  display: block !important;
+}