I spring and autumn blasting-2
2022-07-05 15:11:00 【Golden silk】
Open the link. It shows another piece of PHP code, so audit it.

The eval("code a") function runs code a as if it were PHP code, so this function can be used to add code to this PHP file.
Method 1:
The file() function reads a file into an array. See: PHP file() function | Novice tutorial (runoob.com)
This function can be used to output the contents of flag.php. Construct the payload:
url?hello=file("flag.php")

This returns the flag.
Method 2:
Use ); to append a few more statements to this PHP code. The following two functions can be used to output the flag file:
PHP show_source() function | Novice tutorial (runoob.com)
PHP highlight_file() function | Novice tutorial (runoob.com)
Construct the payload:
url?hello=);show_source("flag.php");highlight_file("flag.php"

The main point is to make the payload fit into the code inside the eval call:
The leading ); closes the preceding var_dump(
The trailing highlight_file("flag.php" is completed by the ); that follows it
In effect, the original code
eval( "var_dump($a);");
becomes
var_dump();show_source("flag.php");highlight_file("flag.php");
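Why both payloads are treated as code, and the change that removes the bug, shown as an added example that is not the challenge's own code. It assumes the handler reads the hello parameter into $a before the eval line quoted above; build_eval_source and dump_param are hypothetical names.

```php
<?php
// Added example, not the challenge's code.
// Assumption: the handler does $a = $_REQUEST['hello']; and then runs
// eval("var_dump($a);"); as in the line quoted in this write-up.

// Vulnerable shape: $a is interpolated into source text before eval parses
// it, so the request value becomes PHP code. This helper only builds the
// string so the result can be inspected; it never calls eval.
function build_eval_source(string $a): string
{
    return "var_dump($a);";
}

// Hardened shape: no eval at all. The request value stays a string and is
// only ever handed to var_dump() as data.
function dump_param(array $request): string
{
    $a = $request['hello'] ?? '';
    if (!is_string($a)) {      // hello[]=x arrives as an array; reject it
        $a = '';
    }
    ob_start();
    var_dump($a);
    return ob_get_clean();
}

// The two payloads from this write-up, used as sample input.
$payloads = [
    'file("flag.php")',
    ');show_source("flag.php");highlight_file("flag.php"',
];

foreach ($payloads as $p) {
    // What the vulnerable handler would hand to the PHP parser.
    echo "eval would parse: ", build_eval_source($p), PHP_EOL;
    // What the hardened handler prints: the payload as an inert string.
    echo "hardened output:  ", dump_param(['hello' => $p]);
}
```

With the hardened handler both payloads are printed back as plain strings, because the parameter never reaches the PHP parser.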
Reference: i spring and autumn CTF Training Misc Web Blast -2_ Coconut milk jelly unsafe blog -CSDN Blog