内容如下;因学艺不精一脸茫然,有没有大手子讲解一下思路,万分感激
题目描述:fl$@ag
<?php
#Try to read /flag
if(!isset($_GET['command'])&!isset($_GET['parameter'])) {
show_source(__FILE__);
die();
}
$command = $_GET['command'];
$parameter = $_GET['parameter'];
function filter($data) {
$black_list = array('"', "'", " ","flag", "\n");
foreach ($black_list as $key) {
$data = str_replace($key, '', $data);
}
return $data;
}
$command = filter($command);
popen("$command",$parameter);
?>