1. <?php
    3. /*
    4. # -*- coding: utf-8 -*-
    5. # @Author: h1xa
    6. # @Date:   2020-12-02 17:44:47
    7. # @Last Modified by:   h1xa
    8. # @Last Modified time: 2020-12-02 19:29:02
    9. # @email: h1xa@ctfer.com
    10. # @link: https://ctfer.com
    12. */
    14. error_reporting(0);
    15. highlight_file(__FILE__);
    16. include('flag.php');
    18. class ctfShowUser{
    19.     public $username='xxxxxx';
    20.     public $password='xxxxxx';
    21.     public $isVip=false;
    23.     public function checkVip(){
    24.         return $this->isVip;
    25.     }
    26.     public function login($u,$p){
    27.         if($this->username===$u&&$this->password===$p){
    28.             $this->isVip=true;
    29.         }
    30.         return $this->isVip;
    31.     }
    32.     public function vipOneKeyGetFlag(){
    33.         if($this->isVip){
    34.             global $flag;
    35.             echo "your flag is ".$flag;
    36.         }else{
    37.             echo "no vip, no flag";
    38.         }
    39.     }
    40. }
    42. $username=$_GET['username'];
    43. $password=$_GET['password'];
    45. if(isset($username) && isset($password)){
    46.     $user = new ctfShowUser();
    47.     if($user->login($username,$password)){
    48.         if($user->checkVip()){
    49.             $user->vipOneKeyGetFlag();
    50.         }
    51.     }else{
    52.         echo "no vip,no flag";
    53.     }
    54. }

    poc

    1. GET /?username=xxxxxx&password=xxxxxx

    flag
    ctfshow{8634e01e-356f-4098-8308-f6c9a64bef56}