Tag: PHP features

16 articles

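[36D Cup 2020] Give You a Shell
[36D Cup 2020] Give You a Shell Opening the challenge and viewing the page source shows that ?view_source exposes the source code, which also tells us the flag is in /flag.txt: <?php //It's no need to use scanner. Of course if you want, but u will find nothing. error_reporting(0…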
[BJDCTF 2020]Mark loves cat
[BJDCTF 2020]Mark loves cat Git source leak: dirsearch finds the /.git directory; use Githack to download the source: <?php include 'flag.php'; $yds = "dog"; $is = "cat"; $handsome = 'yds'; foreach($_POST as $x => $y…
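[WUSTCTF 2020] Plain and Unadorned
[WUSTCTF 2020] Plain and Unadorned First, the robots.txt page reveals /fAke_f1agggg.php; visiting /fAke_f1agggg.php returns a fake flag, and capturing the request and inspecting the HTTP headers reveals the real /fl4g.php page: <?php header('Content-type:text/html;charset=utf-8…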
[Guangdong Qiangwang Cup 2021] love_pokemon
[Guangdong Qiangwang Cup 2021] love_pokemon Source: <?php error_reporting(0); highlight_file(__FILE__); $dir = 'sandbox/' . md5($_SERVER['REMOTE_ADDR']) . '/'; if(!file_exists($dir)){ mkdir($…
2021 Hecheng Cup
2021 Hecheng Cup middle_magic Source: <?php highlight_file(__FILE__); include "./flag.php"; include "./result.php"; if(isset($_GET['aaa']) && strlen($_GET['aaa']) < …
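[NepCTF 2021] Flowers Bloom in a Dream at the Peony Pavilion
[NepCTF 2021] Flowers Bloom in a Dream at the Peony Pavilion Opening the challenge gives the source: <?php highlight_file(__FILE__); error_reporting(0); include('shell.php'); class Game{ public $username; public $password; public $choice; pu…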
2021 DASCTF July
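2021 DASCTF July ezrce It really is an easy RCE: a web search directly turned up the RCE write-up "yapi remote command execution vulnerability analysis", and following its steps is enough. Reproducing it here: first the attacker registers a new user, then after logging in chooses to add a project. The project name and path can be anything. In Settings -> Global mock script, add the malicious code, enable it and save. The POC is as follows: const sandbox = t…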
[Geek Challenge 2020] Greatphp
[Geek Challenge 2020] Greatphp Source: <?php error_reporting(0); class SYCLOVER { public $syc; public $lover; public function __wakeup(){ if( ($this->syc != $this->lover) &&…