web签到(md5弱类型)
<?php
//Author:H3h3QAQ
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
if (isset($_GET["YBB"])) {
if (hash("md5", $_GET["YBB"]) == $_GET["YBB"]) {
echo "小伙子不错嘛!!flag给你了:" . $flag;
} else {
echo "偶吼,带黑阔被窝抓到了!!!!";
}
}
只需满足hash(“md5”, $_GET[“YBB”]) == $_GET[“YBB”])
GET传参YBB即得到flag
eztp(Thinkphp 5.0.24 反序列化(任意文件删除))
<?php
namespace app\index\controller;
class Index
{
public function index($run=[])
{
highlight_file(__FILE_