附代码:
<?php
/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date: 2020-12-02 17:44:47
# @Last Modified by: h1xa
# @Last Modified time: 2020-12-02 19:29:02
# @email: h1xa@ctfer.com
# @link: https://ctfer.com
*/
error_reporting(0);
highlight_file(__FILE__);
include('flag.php');
class ctfShowUser{
public $username='xxxxxx';
public $password='xxxxxx';
public $isVip=false;
public function checkVip(){
return $this->isVip;
}
public function login($u,$p){
if($this->username===$u&&$this->password===$p){
$this->isVip=true;
}
return $this->isVip;
}
public function vipOneKeyGetFlag(){
if($this->isVip){
global $flag;
echo "your flag is ".$flag;
}else{
echo "no vip, no flag";
}
}
}
$username=$_GET['username'];
$password=$_GET['password'];
if(isset($username) && isset($password)){
$user = new ctfShowUser();
if($user->login($username,$password)){
if($user->checkVip()){
$user->vipOneKeyGetFlag();
}
}else{
echo "no vip,no flag";
}
}
这道题很简单,大概思路就是让你Get传参一个username和password,下面的if是检查是否为空,不为空就调用ctfShowUser里面的login方法,传入的username变成了$u,传入的password变成了$p。下面的if就是在判断isVip是否为ture,可以看到一开始
这里的的isVip是false的,所以如果username和password的值和ctfShowUser里面的username和password的值分别相同,那么就让isVip变成Ture,我们就可以跳到vipOneKeyGetFlag()中去。得到flag
payload:
?username=xxxxxx&password=xxxxxx
思路理清了还是很简单的。