当前位置：网站首页>I spring and autumn blasting-2

I spring and autumn blasting-2

2022-07-05 15:11:00 【Golden silk】

Open the connection , Another one PHP Code , Then audit it

eval(" Code a") Function is to make code a image PHP Do the same , Using this function, you can add code to this php In the document

Method 1 ：

file() function , Is to read the file into the array ,PHP file() function | Novice tutorial (runoob.com)

Using this function , Can output flag.php Contents of Li , structure payload

url?hello=file("flag.php")

Get flag

Method 2 ：

utilize ); Add a few more codes to this php in , You can use the following two functions , Output flag The file of

PHP show_source() function | Novice tutorial (runoob.com)
PHP highlight_file() function | Novice tutorial (runoob.com)

structure payload

url?hello=);show_source("flag.php");highlight_file("flag.php"

Mainly integration eval Things in functions

); To integrate the previous var_dump(

highlight_file("flag.php" To integrate the latter );

The principle is based on the original code , hold

eval( "var_dump($a);");

Instead of

var_dump();show_source("flag.php");highlight_file("flag.php");

版权声明
本文为[Golden silk]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/02/202202140518211144.html