大佬友链(狗头):https://www.cnblogs.com/p201821440039/
参考博客:
https://www.zhaoj.in/read-6407.html
https://cjm00n.top/2020/02/29/V-N%E5%85%AC%E5%BC%80%E8%B5%9B2020-writeup/
https://www.cnblogs.com/20175211lyz/p/12398612.html
https://www.cnblogs.com/wangtanzhi/p/12388331.html
https://buki-freak.github.io/2020/03/04/V-N-%E5%86%85%E9%83%A8%E8%80%83%E6%A0%B8-wp/#TimeTravel
菜鸡当时没有打出来,后来趁着还有记忆赶快记录一下!
首先进入就直接给了源码:
<?php error_reporting(0); require __DIR__ . '/vendor/autoload.php'; use GuzzleHttp\Client; highlight_file(__FILE__); if(isset($_GET['flag'])) { $client = new Client(); $response = $client->get('http://127.0.0.1:5000/api/eligible'); $content = $response->getBody(); $data = json_decode($content, TRUE); if($data['success'] === true) { echo system('/readflag'); } } if(isset($_GET['file'])) { highlight_file($_GET['file']); } if(isset($_GET['phpinfo'])) { phpinfo(); }