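[HXBCTF 2021]easywill writeup (WillPHP source code audit + getshell via pearcmd.php file inclusion)
This article is by ⭐️shu天⭐️ on CSDN. I regularly post articles on CTF, forensics and penetration testing. You are welcome to visit my home page, shu天's CSDN blog (CTF, forensics, web): https://blog.csdn.net/weixin_46081055 ヾ(@ ˘ω˘ @)ノ!!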
[HXBCTF 2021]easywill
1. WillPHP source code audit
The challenge provides a short snippet of source code:
<?php
namespace home\controller;
class IndexController{
    public function index(){
        highlight_file(__FILE__);
        // name and value are taken directly from the query string
        assign($_GET['name'],$_GET['value']);
        return view();
    }
}
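The version is WillPHP v2.1.5. I could not find a download of the old version on the official site, so I got it from somewhere else.
The assign function
See willphp\wiphp\View.php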
<?php
/**
 * Framework view handling class
 * @copyright Copyright(c) 2020 WillPHP
 * @author DaSongzi <24203741@qq.com/113344.com>
 * @version 2.1.1
 * @since 2021-05-31
 */
namespace wiphp;
require PATH_TPLE.'/Tple.php';
class View {
    private static $_vars = [];
    public static function assign($name, $value = NULL) {
        if ($name != '') self::$_vars[$name] = $value; // $name and $value are stored in the $_vars array
    }
    public static function fetch($file = '', $vars = []) {
        if (!empty($vars)) self::$_vars = array_merge(self::$_vars, $vars