// Intentionally vulnerable CTF challenge source, as reproduced on this page:
// the `code` request parameter reaches eval() after only two checks.
error_reporting(0); // suppresses all error output in the response
if (isset($_GET['code'])) {
    $code = $_GET['code'];
    // Length cap: more than 40 bytes is rejected (strlen counts bytes, not characters).
    if (strlen($code) > 40) {
        die("This is too Long.");
    }
    // Rejects input containing at least one ASCII letter or digit;
    // any other byte sequence passes through to eval() unchanged.
    if (preg_match("/[A-Za-z0-9]+/", $code)) {
        die("NO.");
    }
    // Code-injection sink: a request-controlled string is executed as PHP.
    // The `@` additionally hides warnings/notices raised by the evaluated code.
    @eval($code);
} else {
    // Without the parameter the script prints its own source.
    highlight_file(__FILE__);
}
// ?>
php//error_reporting(E_ALL);//ini_set('display_errors', 1);/* 检测请求方式,除了get和post之外拦截下来并写日志。 */if($_SERVER['REQUEST_METHOD'] !='POST'&&$_SERVER['REQUEST_METHOD'] !='GET') {write_attack_log("method"); }$url=$_SERVER['REQUEST_URI'];//获取uri来进行检测$data...
最近在复盘之前做过的CTF题时,发现有一道比较有趣。是用的PHP 字符串解析特性Bypass的思路,但这道题远不止于此,还有另一种解法,HTTP请求走私攻击。 RoarCTF 2019 Easy Calc 先看下源码: <?php error_reporting(0);if(!isset($_GET['num'])){ show_source(__FILE__); }else{ $str= $_GET['num...
phphighlight_file(__FILE__);error_reporting(0);if(isset($_GET['v1']) && isset($_GET['v2'])){ $v1 = $_GET['v1']; $v2 = $_GET['v2']; if(preg_match('/[a-zA-Z]+/', $v1) && preg_match('/[a-zA-Z]+/', $v2)){ eval("echo new $v1($v2());"...
error_reporting(0); highlight_file(__FILE__); function strCheck($cmd) { if(!preg_match("/\;|\&|\\$|\x09|\x26|more|less|head|sort|tail|sed|cut|awk|strings|od|php|ping|flag/i", $cmd)){ return($cmd); } else{ die("i hate this"); ...
每天一道,逐步提升,持之以恒,贵在坚持 该题为bugku的web题: 点击打开网址,源码如下: flag In the variable ! error_reporting(); include"flag1.php"; highlight_file(__file__); if(isset($_GET['args'])){ $args=$_GET['args']; if(!preg_match("/^\w+$/",$args)){ ...
phperror_reporting(0);//I heard you are good at PHPINFO+LFI, flag is in flag.php, find it my dear noob vegetable hacker.if(isset($_GET['file'])){$file=$_GET['file'];if($file</
<?php error_reporting(0); highlight_file(__FILE__); include("flag.php"); $a=$_SERVER['argv']; $c=$_POST['fun']; if(isset($_POST['CTF_SHOW'])&&isset($_POST['CTF_SHOW.COM'])&&!isset($_GET['fl0g'])){ if(!preg_match("/\\\|\/|\~|\`|\!|\@|\#|\%|\^|\*|...
phphighlight_file(__FILE__);include('flag.php');error_reporting(0);$error='你还想要flag嘛?';$suces='既然你想要那给你吧!';foreach($_GETas$key=>$value){if($key==='error'){die("what are you doing?!");}$$key=$$value;}foreach($_POSTas$key=>$value){if($value==='flag')...
<?php error_reporting(0); //听说你很喜欢数学,不知道你是否爱它胜过爱flag if(!isset($_GET['c'])){ show_source(__FILE__); }else{ //例子 c=20-1 $content = $_GET['c']; if (strlen($content) >= 80) { die("太长了不会算"); } $blacklist = [' ', '\t', '\r', '\...