[安洵杯 2019]easy_serialize_php

<?php

$function = @$_GET["f"];

function filter($img){
    $filter_arr = array("php","flag","php5","php4","fl1g");
    $filter = "/".implode("|",$filter_arr)."/i";
    return preg_replace($filter,"",$img);
}


if($_SESSION){
    unset($_SESSION);
}

$_SESSION["user"] = "guest";
$_SESSION["function"] = $function;

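// extract() on request data lets POST fields overwrite existing variables,
// including the $_SESSION array built above.
extract($_POST);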

if(!$function){
    echo '<a href="index.php?f=highlight_file">source_code</a>';
}

if(!$_GET["img_path"]){
    $_SESSION["img"] = base64_encode("guest_img.png");
}else{
    $_SESSION["img"] = sha1(base64_encode($_GET["img_path"]));
}

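// The filter runs on the already-serialized string, so any characters it
// removes leave the s:N length prefixes out of step with the data.
$serialize_info = filter(serialize($_SESSION));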

if($function == "highlight_file"){
    highlight_file("index.php");
}else if($function == "phpinfo"){
    eval("phpinfo();"); //maybe you can find something in here!
}else if($function == "show_image"){
    $userinfo = unserialize($serialize_info);
    // The decoded value is used as a file path with no validation.
    echo file_get_contents(base64_decode($userinfo["img"]));
}
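
A hardened counterpart to the listing above, added here as an example and not part of the challenge source: it filters values before encoding, keeps state as JSON instead of filtering `serialize()` output, reads only named request fields, and resolves the image against an allow-list. `IMAGE_DIR`, `ALLOWED_IMAGES` and all function names are assumptions, and the allow-list entries are constructed.

```php
<?php
// Added example, not the challenge's code. IMAGE_DIR, ALLOWED_IMAGES and all
// function names are hypothetical; the allow-list entries are constructed.
const IMAGE_DIR = __DIR__ . '/images';
const ALLOWED_IMAGES = ['guest_img.png', 'banner.png'];

// Filter individual values BEFORE encoding, never the encoded string:
// deleting bytes from serialize() output leaves its s:N length prefixes stale.
function clean_value(string $v): string {
    return preg_replace('/php|flag|php5|php4|fl1g/i', '', $v) ?? '';
}

// Build state from named, expected inputs only; no extract($_POST).
function build_state(array $get): array {
    $img = $get['img_path'] ?? 'guest_img.png';
    return [
        'user'     => 'guest',
        'function' => clean_value(is_string($get['f'] ?? null) ? $get['f'] : ''),
        'img'      => is_string($img) ? $img : 'guest_img.png',
    ];
}

// JSON carries no length prefixes and json_decode() never builds objects.
function encode_state(array $state): string {
    return json_encode($state, JSON_THROW_ON_ERROR);
}
function decode_state(string $blob): array {
    return json_decode($blob, true, 8, JSON_THROW_ON_ERROR);
}

// Serve only allow-listed names, and confirm the resolved path is in IMAGE_DIR.
function resolve_image(string $name): ?string {
    $root = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $name);
    if (!in_array($name, ALLOWED_IMAGES, true) || $root === false || $path === false) {
        return null;
    }
    return strpos($path, $root . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

$state = decode_state(encode_state(build_state($_GET)));
$file  = resolve_image($state['img']);
if ($file === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: image/png');
readfile($file);
```

`JSON_THROW_ON_ERROR` requires PHP 7.3 or later; an input that cannot be encoded raises an exception, so the request fails closed.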