i春秋 (ichunqiu) Blasting-2
2022-07-05 15:11:00 【Golden silk】
Open the challenge link. It shows another piece of PHP code, so audit it.

eval("code a") runs code a as PHP code, so this function can be used to add code to this PHP file.
Method 1:
The file() function reads a file into an array. See: PHP file() function | Novice tutorial (runoob.com)
Using this function, the contents of flag.php can be output. Construct the payload:
url?hello=file("flag.php")

Get the flag.
Method 2:
Use ); to add a few more statements to this PHP file. The following two functions can be used to output the flag file:
PHP show_source() function | Novice tutorial (runoob.com)
PHP highlight_file() function | Novice tutorial (runoob.com)
Construct the payload:
url?hello=);show_source("flag.php");highlight_file("flag.php"

The main point is to fit the input into what is already inside the eval function:
); closes the preceding var_dump(
highlight_file("flag.php" is completed by the trailing );
In principle, starting from the original code, this turns
eval( "var_dump($a);");
into
var_dump();show_source("flag.php");highlight_file("flag.php");
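The splice described above, next to a form that does not use eval(), as an added example that is not part of the original post or the challenge's own code. The helper names identifiers_in and dump_param are hypothetical, and $a is set to the Method 2 value from this page instead of being read from the request.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the request parameter "hello" (assumption):
// the Method 2 value shown on this page.
$a = ');show_source("flag.php");highlight_file("flag.php"';

// Vulnerable pattern: the value is spliced into PHP source text before parsing.
// Here the source is only built as a string; it is never passed to eval().
$source = "var_dump($a);";
echo "Source the parser would receive:\n  $source\n";

// Hypothetical helper: list the identifiers the PHP tokenizer sees in a
// source string, to show that the parameter contributed function calls
// rather than a value.
function identifiers_in(string $phpSource): array
{
    $names = [];
    foreach (token_get_all('<?php ' . $phpSource) as $tok) {
        // Multi-character tokens are arrays [id, text, line]; T_STRING is a bare name.
        if (is_array($tok) && $tok[0] === T_STRING) {
            $names[] = $tok[1];
        }
    }
    return $names;
}
echo "Function names in it: ", implode(', ', identifiers_in($source)), "\n";

// Hardened form: no eval(). The parameter is handed to var_dump() as a value,
// so its content is never parsed as code and is printed as an inert string.
function dump_param(string $value): void
{
    var_dump($value);
}
dump_param($a);
```

Run with the PHP CLI: the tokenizer output lists three function names for the spliced source, while dump_param() prints the same input as a single string.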
Reference: i春秋 CTF Training Misc Web Blast-2, Coconut milk jelly unsafe blog, CSDN Blog