Yulin babyunserialize
O:4:"auth":2:{s:8:"username";s:8:"YulinSec";s:6:"passwd";s:22:"i_love_php_unserialize";}
FLAG1
<?php
// The two properties of this class become the fields of the serialized object
class auth {
    public $username = "YulinSec";
    public $passwd = 'i_love_php_unserialize';
}
$example = new auth();
$SerialString = serialize($example);
echo $SerialString; // output
?>
It turns out this is array serialization.
Object serialization doesn't work.
a:2:{i:username;s:8:"YulinSec";i:passwd;s:22:"i_love_php_unserialize";}
I gradually came to understand everything.
<?php
class auth {
    public $username = "YulinSec";
    public $passwd = 'i_love_php_unserialize';
}
$example = new auth();
$SerialString = serialize($example);
echo $SerialString; // output: the object form, O:4:"auth":...

// An array with integer keys: the values come back as $a[0] and $a[1]
$a = unserialize('a:2:{i:0;s:8:"YulinSec";i:1;s:22:"i_love_php_unserialize";}');
// echo $a[0];
// echo $a[1];

// An associative array serializes with string keys (s:8:"username", ...)
$arr = [
    'username' => 'YulinSec',
    'passwd' => 'i_love_php_unserialize',
];
// echo $arr['username'];
// echo $arr['passwd'];
$b = serialize($arr);
echo $b;
?>
auth=a:2:{s:8:"username";s:8:"YulinSec";s:6:"passwd";s:22:"i_love_php_unserialize";}
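Send it as POST data.
Got flag1.
FLAG2, not solved.
The Data data transfer object contains getflag(); the method body is echo().
That's the idea; time to fire up the online editor!
I carelessly forgot that methods cannot be serialized directly.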
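
The two points in these notes, the array form versus the object form and the fact that serialize() never writes methods, shown as an added PHP example. It is not part of the original write-up or the challenge source; the body of the Data class and the describe() helper are hypothetical.

```php
<?php
// Added example, constructed for illustration; not the challenge's code.
// Hypothetical stand-in for the challenge's Data class (its source is not on the page).
class Data {
    public $msg = 'hello';
    public function getflag() { echo 'defined by the class, not by the payload'; }
}

// Hypothetical helper: classify a serialized string without instantiating any
// application class (allowed_classes => false yields __PHP_Incomplete_Class).
function describe(string $payload): string {
    $v = @unserialize($payload, ['allowed_classes' => false]);
    if ($v === false && $payload !== 'b:0;') {
        return 'invalid';   // unserialize() could not parse the string
    }
    if (is_array($v)) {
        return 'array';
    }
    if ($v instanceof __PHP_Incomplete_Class || is_object($v)) {
        return 'object';
    }
    return gettype($v);
}

// serialize() writes the class name and the property values only;
// the method body stays in the class definition on the receiving side.
$s = serialize(new Data());
echo $s, "\n";
echo 'contains "getflag": ', var_export(strpos($s, 'getflag') !== false, true), "\n";

// The three strings from the notes above, copied verbatim.
$samples = [
    'object form' => 'O:4:"auth":2:{s:8:"username";s:8:"YulinSec";s:6:"passwd";s:22:"i_love_php_unserialize";}',
    // i: must be followed by an integer, so this one is not a valid array
    'i: keys'     => 'a:2:{i:username;s:8:"YulinSec";i:passwd;s:22:"i_love_php_unserialize";}',
    'array form'  => 'a:2:{s:8:"username";s:8:"YulinSec";s:6:"passwd";s:22:"i_love_php_unserialize";}',
];
foreach ($samples as $label => $payload) {
    echo str_pad($label, 12), ' => ', describe($payload), "\n";
}
```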