小胡来
楼主
<?php
// CTF-style challenge script: every input comes from the query string and is
// therefore attacker-controlled. It is intentionally unsafe and shows two
// weak controls, a hash-equality gate and a substring blocklist, in front of
// a shell call.
//flag in /flag
// Prints this file's own source to the response.
highlight_file(__FILE__);
// Turns off error reporting, so notices and warnings from the lines below
// (e.g. a missing query parameter) are not shown.
error_reporting(0);
// test1 / test2 are taken as-is; a falsy or missing value becomes ''.
// NOTE(review): nothing checks that these are strings (no is_string()).
$a = $_GET['test1']?$_GET['test1']:'';
$b = $_GET['test2']?$_GET['test2']:'';
// Gate: the two values must differ under strict comparison while md5() gives
// an identical result for both. MD5 is not collision-resistant and the inputs
// are unvalidated, so this must not be relied on as an access control.
if($a!==$b&&md5($a)===md5($b)){
if(isset($_GET['cmd'])){
$cmd = $_GET['cmd'];
// Case-insensitive, unanchored blocklist: the request is refused when any
// listed word or metacharacter occurs anywhere in $cmd.
// NOTE(review): `{0-9}` is not a character class (that would be `[0-9]`), so
// it matches only that literal text; confirm what was intended.
// A blocklist cannot enumerate everything a shell accepts, so it does not
// make the system() call below safe.
if(!preg_match("/\;|cat|paste|cut|dd|flag|more|less|head|sort|tail|system|exec|shell_exec|tac|od|vi|vim|nl|rev|grep|awk|sed|perl|python|php|ruby|base64|xxd|hexdump|strings|curl|wget|nc|netcat|telnet|ftp|ssh|scp|find|locate|whereis|which|ld|gcc|make|sh|bash|zsh|read|cmp|tee|\(|\)|\{|\}|\`|\*|\?|<|>|\"|\'|{0-9}| |\\$|\./i", $cmd)){
// Command injection sink: the request value is handed to the shell unchanged.
// In real code, never pass request data to system(); map the request to a
// fixed allowlist of actions, or run a fixed program with arguments passed
// through escapeshellarg().
system($cmd);
}
else{
// Blocklist hit: stop the script with a fixed message.
die("Bye~~~~~~");
}
}
}
else{
// Hash gate not satisfied.
echo "See You~~~~~";
}
?>
Flag bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
大佬们这题怎么绕过啊
2025年08月16日 06点08分
1
// Second rendering of the same challenge script. All inputs are read from the
// query string and are attacker-controlled; the script is intentionally unsafe.
//flag in /flag
// Prints this file's own source to the response.
highlight_file(__FILE__);
// Error reporting is switched off for the rest of the script.
error_reporting(0);
// Raw query parameters; a falsy or missing value falls back to ''.
// NOTE(review): no is_string() check is applied to either value.
$a = $_GET['test1']?$_GET['test1']:'';
$b = $_GET['test2']?$_GET['test2']:'';
// The values must be strictly different yet give identical md5() results.
// MD5 equality on unvalidated input is not a sound access control.
if($a!==$b&&md5($a)===md5($b)){
if(isset($_GET['cmd'])){
$cmd = $_GET['cmd'];
// Unanchored, case-insensitive substring blocklist applied to $cmd.
// Blocklists in front of a shell are inherently incomplete.
if(!preg_match("/\;|cat|paste|cut|dd|flag|more|less|head|sort|tail|system|exec|shell_exec|tac|od|vi|vim|nl|rev|grep|awk|sed|perl|python|php|ruby|base64|xxd|hexdump|strings|curl|wget|nc|netcat|telnet|ftp|ssh|scp|find|locate|whereis|which|ld|gcc|make|sh|bash|zsh|read|cmp|tee|\(|\)|\{|\}|\`|\*|\?|<|>|\"|\'|{0-9}| |\\$|\./i", $cmd)){
// Shell sink: user-supplied text is executed as a command. Production code
// should select from a fixed allowlist of actions instead of filtering input.
system($cmd);
}
else{
// Blocklist hit: the script terminates here.
die("Bye~~~~~~");
}
}
}
else{
// Hash gate not satisfied.
echo "See You~~~~~";
}
?>
Flag bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
大佬们这题怎么绕过啊