http://drops.xmd5.com/static/drops/papers-4544.html
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet: preg_replace("/.*/e","system('echo /etc/passwd')");https://www.waitalone.cn/php-code-injection.html
http://www.freebuf.com/articles/web/54086.html:图片上传,可以php上传,但是以图片解析,绕过限制
https://www.secpulse.com/archives/40617.html:绕过图片上传校验
eval('$obj=' . $obj . ';');
\x00在c字符串中会截断:http://www.cnblogs.com/cyjaysun/p/4390930.html