YiTk
2021-08-25 18:21

CTF code audit: any ideas on how to solve it?

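The challenge is below. My skills aren't up to it and I'm completely lost; could an expert explain the approach? I'd be very grateful.
Challenge description: fl$@ag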

<?php
#Try to read /flag
if(!isset($_GET['command'])&!isset($_GET['parameter'])) {
    show_source(__FILE__);
    die();
}
$command = $_GET['command'];
$parameter = $_GET['parameter'];

function filter($data) {
    $black_list = array('"', "'", " ","flag", "\n");
    foreach ($black_list as $key) {
        $data = str_replace($key, '', $data);
    }
    return $data;
}
$command = filter($command);
popen("$command",$parameter);
?>
