2021第五空间线上赛web wp

最新推荐文章于 2025-05-11 19:00:06 发布

原创

最新推荐文章于 2025-05-11 19:00:06 发布 · 754 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#php #wp

本文通过实例演示了如何利用PHP的特性实现代码注入攻击，并介绍了几种防御措施。文章详细解析了利用__toString方法和session文件包含漏洞进行攻击的过程。

pklovecloud

 <?php  
include 'flag.php';
class pkshow 
{
   
     
    function echo_name()     
    {
   
             
        return "Pk very safe^.^";      
    }  
} 

class acp 
{
   
      
    protected $cinder;  
    public $neutron;
    public $nova;
    function __construct() 
    {
   
         
        $this->cinder = new pkshow;
    }  
    function __toString()      
    {
   
             
        if (isset($this->cinder))  
            return $this->cinder->echo_name();      
    }  
}  

class ace
{
   
       
    public $filename;     
    public $openstack;
    public $docker; 
    function echo_name()      
    {
   
      
        $this->openstack = unserialize($this->docker);
        $this->openstack->neutron = $heat;
        if($this->openstack->neutron === $this->openstack->nova)
        {
   
   
        $file = "./{
     
     $this->filename}";
            if (file_get_contents($file))         
            {
   
                 
                return file_get_contents($file); 
            }  
            else 
            {
   
    
                return "keystone lost~"; 
            }    
        }
    }  
}  

if (