当前位置:网站首页>Bugku's Eval
Bugku's Eval
2022-07-05 15:11:00 【Golden silk】
Open the connection
The title looks familiar , It's similar to the question I wrote before
i Spring and autumn blasting -1_l2872253606 The blog of -CSDN Blog
i Spring and autumn blasting -2_l2872253606 The blog of -CSDN Blog
The above article is more detailed than the following
utilize eval function , First, check the global variables
structure payload
url?hello=$GLOBALS
good heavens , I didn't find any flag, And was ridiculed
explain flag Is not a variable , It should be in flag.php It's annotated
structure Payload
url?hello=);highlight_file('flag.php');var_dump(
Get flag
Since it's in the document , It can also be done in another way , Utilization function
structure Payload
url?hello=file('flag.php')
Get the same flag
边栏推荐
- Ctfshow web entry explosion
- Ecotone technology has passed ISO27001 and iso21434 safety management system certification
- 想问下大家伙,有无是从腾讯云MYSQL同步到其他地方的呀?腾讯云MySQL存到COS上的binlog
- P1451 求细胞数量/1329:【例8.2】细胞
- Talk about your understanding of microservices (PHP interview theory question)
- 做研究无人咨询、与学生不交心,UNC助理教授两年教职挣扎史
- Photoshop plug-in action related concepts actionlist actiondescriptor actionlist action execution load call delete PS plug-in development
- JMeter performance test: serveragent resource monitoring
- How to solve the problem of garbled code when installing dependency through NPM or yarn
- Huawei Hubble incarnation hard technology IPO harvester
猜你喜欢
Ctfshow web entry explosion
12 MySQL interview questions that you must chew through to enter Alibaba
社区团购撤城“后遗症”
超越PaLM!北大碩士提出DiVeRSe,全面刷新NLP推理排行榜
MySQL----函数
No one consults when doing research and does not communicate with students. UNC assistant professor has a two-year history of teaching struggle
做研究无人咨询、与学生不交心,UNC助理教授两年教职挣扎史
![[JVM] operation instruction](/img/f5/85580495474ef58eafbb421338e93f.png)
[JVM] operation instruction
Behind the ultra clear image quality of NBA Live Broadcast: an in-depth interpretation of Alibaba cloud video cloud "narrowband HD 2.0" technology
Interview shock 62: what are the precautions for group by?
随机推荐
[detailed explanation of Huawei machine test] happy weekend
[recruitment position] infrastructure software developer
Using tensorboard to visualize the training process in pytoch
超越PaLM!北大硕士提出DiVeRSe,全面刷新NLP推理排行榜
市值蒸发超百亿美元,“全球IoT云平台第一股”赴港求生
Super wow fast row, you are worth learning!
Common interview questions about swoole
Type declaration of all DOM elements in TS
Ecotone technology has passed ISO27001 and iso21434 safety management system certification
Garbage collection mechanism of PHP (theoretical questions of PHP interview)
GPS原始坐标转百度地图坐标(纯C代码)
sql server char nchar varchar和nvarchar的区别
Mysql---- function
B站做短视频,学抖音死,学YouTube生?
1330:【例8.3】最少步数
MySQL之CRUD
ICML 2022 | explore the best architecture and training method of language model
Install and configure Jenkins
NBA赛事直播超清画质背后:阿里云视频云「窄带高清2.0」技术深度解读
华为哈勃化身硬科技IPO收割机