R3CTF-2025 web


Preface

web1

<?php
// Challenge source: the user-supplied "input" parameter is passed through a
// character denylist, suffixed with "();" and then handed to eval().
if (isset($_GET['input'])) {
    echo '<div class="output">';

    // Denylist filter: strip a fixed set of characters from the input.
    $filtered = str_replace(['$', '(', ')', '`', '"', "'", "+", ":", "/", "!", "?"], '', $_GET['input']);
    // The remaining text is treated as a function name and turned into a call.
    $cmd = $filtered . '();';

    echo '<strong>After Security Filtering:</strong> <span class="filtered">' . htmlspecialchars($cmd) . '</span>' . "\n\n";

    echo '<strong>Execution Result:</strong>' . "\n";
    echo '<div style="border-left: 3px solid #007bff; padding-left: 15px; margin-left: 10px;">';

    try {
        // Capture whatever the eval'd code prints so it can be escaped on output.
        ob_start();
        eval($cmd);
        $result = ob_get_clean();

        if (!empty($result)) {
            echo '<span class="success">✅ Function executed successfully!</span>' . "\n";
            echo htmlspecialchars($result);
        } else {
            echo '<span class="success">✅ Function executed (no output)</span>';
        }
    } catch (Error $e) {
        echo '<span class="error">❌ Error: ' . htmlspecialchars($e->getMessage()) . '</span>';
    } catch (Exception $e) {
        echo '<span class="error">❌ Exception: ' . htmlspecialchars($e->getMessage()) . '</span>';
    }

    echo '</div>';
    echo '</div>';
}
?>
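
For contrast, here is an added example (not the challenge's code) of how the same "call a function chosen by the user" feature looks when the character denylist and eval() are replaced by an exact-match allowlist and call_user_func(); the allowed function names are assumed for illustration.

```php
<?php
// Added example: allowlist dispatch instead of denylist filtering plus eval().
// The names in this map are assumed for illustration only.
const ALLOWED_FUNCTIONS = [
    'phpversion'       => 'phpversion',
    'time'             => 'time',
    'memory_get_usage' => 'memory_get_usage',
];

function run_named_function(string $input): array
{
    // Compare the raw input against the allowlist with no character stripping:
    // stripping characters and then reassembling code is what makes the
    // original filter a weak control, since every remaining character still
    // reaches eval().
    if (!array_key_exists($input, ALLOWED_FUNCTIONS)) {
        return ['ok' => false, 'output' => 'function not allowed'];
    }
    // call_user_func() invokes a known function by name; no source text is
    // compiled at runtime, so there is nothing for the input to inject into.
    $result = call_user_func(ALLOWED_FUNCTIONS[$input]);
    return ['ok' => true, 'output' => (string) $result];
}

if (isset($_GET['input'])) {
    $r = run_named_function($_GET['input']);
    echo '<div class="output">';
    echo $r['ok']
        ? '<span class="success">Function executed</span>'
        : '<span class="error">Error</span>';
    // Output is still HTML-escaped, as in the original.
    echo "\n" . htmlspecialchars($r['output']) . '</div>';
}
```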

There is an nginx configuration file.

  • Title: R3CTF-2025 web
  • Author: OneZ3r0
  • Created: 2025-07-05 10:21:13
  • Updated: 2025-07-29 18:03:58
  • Link: https://blog.onez3r0.top/2025/07/05/r3ctf-2025/
  • License: This article is licensed under CC BY-NC-SA 4.0.