网站首页
编程语言
数据库
系统相关
其他分享
编程问答
escapeshellcmd
2024-11-05
[BUUCTF 2018]Online Tool
典型的PHP代码审计开始审计^()[]{}$\,\x0A和\xFF以及不配对的单/双引号转义$sandbox=md5("glzjin".$_SERVER['REMOTE_ADDR']);echo'youareinsandbox'.$sandbox;@mkdir($sandbox);//新建目录,默认权限,最大可能的访问权chdir($sandbox);//改
2024-09-08
[BUUCTF 2018]Online Tool 1
<?phpif(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){$_SERVER['REMOTE_ADDR']=$_SERVER['HTTP_X_FORWARDED_FOR'];}if(!isset($_GET['host'])){highlight_file(__FILE__);}else{$host=$_GET['