mfw

wp

攻防世界----mfw-CSDN博客

攻防世界-mfw-(详细操作)做题笔记_攻防世界mfw_角一角的博客-CSDN博客

 

  • 首先是题目的提示要注意看(用到了.git——git源码泄露,php语言开发——跟.php有关)

  •  应该是flag.php的文件

     

  • 用工具下载git源码后进行分析得
<?php
 
if (isset($_GET['page'])) {  //判断参数page是否为空
    $page = $_GET['page'];
} else {    //为空输出page=home
    $page = "home";
}
 
$file = "templates/" . $page . ".php";
 
// I heard '..' is dangerous!
assert("strpos('$file', '..') === false") or die("Detected hacking attempt!");  //查找$file
中..第一次出现的位置,查找成功则返回true,失败则返回flase,
// TODO: Make this look nice
assert("file_exists('$file')") or die("That file doesn't exist!");
 
?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        
        <title>My PHP Website</title>
        
        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css" />
    </head>
    <body>
        <nav class="navbar navbar-inverse navbar-fixed-top">
            <div class="container">
                <div class="navbar-header">
                    <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
                        <span class="sr-only">Toggle navigation</span>
                        <span class="icon-bar"></span>
                        <span class="icon-bar"></span>
                        <span class="icon-bar"></span>
                      </button>
                      <a class="navbar-brand" href="#">Project name</a>
                </div>
                <div id="navbar" class="collapse navbar-collapse">
                      <ul class="nav navbar-nav">
                        <li <?php if ($page == "home") { ?>class="active"<?php } ?>><a href="?page=home">Home</a></li>
                        <li <?php if ($page == "about") { ?>class="active"<?php } ?>><a href="?page=about">About</a></li>
                        <li <?php if ($page == "contact") { ?>class="active"<?php } ?>><a href="?page=contact">Contact</a></li>
                        <!--<li <?php if ($page == "flag") { ?>class="active"<?php } ?>><a href="?page=flag">My secrets</a></li> -->
                      </ul>
                </div>
            </div>
        </nav>
        
        <div class="container" style="margin-top: 50px">
            <?php
                require_once $file;
            ?>
            
        </div>
        
        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js" />
        <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js" />
    </body>
</html>
View Code

  关键代码:

<?php

if (isset($_GET['page'])) {
    $page = $_GET['page'];
} else {
    $page = "home";
}

$file = "templates/" . $page . ".php";//用于拼接形成目录路径

// I heard '..' is dangerous!
assert("strpos('$file', '..') === false") or die("Detected hacking attempt!");

// TODO: Make this look nice
assert("file_exists('$file')") or die("That file doesn't exist!");
?>
  • 关键函数

  • 核心在于破坏原来的函数代码的执行,执行我们自己想要的命令

  •  注意!下面的那个//是php中的注释符的意思

 

posted @ 2023-11-08 00:47  努力的大魔王  阅读(96)  评论(0)    收藏  举报