ctfshow-web入门-反序列化(前篇)

目录

web254

web255

web256

web257

web258

web259

web260

web261

web262

web263

web264

web265

web266

web267

web254

isVip;
    }
    public function login($u,$p){
        if($this->username===$u&&$this->password===$p){
            $this->isVip=true;
        }
        return $this->isVip;
    }
    public function vipOneKeyGetFlag(){
        if($this->isVip){
            global $flag;
            echo "your flag is ".$flag;
        }else{
            echo "no vip, no flag";
        }
    }
}
​
$username=$_GET['username'];
$password=$_GET['password'];
​
if(isset($username) && isset($password)){
    $user = new ctfShowUser();
    if($user->login($username,$password)){
        if($user->checkVip()){
            $user->vipOneKeyGetFlag();
        }
    }else{
        echo "no vip,no flag";
    }
} 

直接审一下代码可以知道

username=xxxxxx&password=xxxxxx

就可以flag

web255

isVip;
    }
    public function login($u,$p){
        return $this->username===$u&&$this->password===$p;
    }
    public function vipOneKeyGetFlag(){
        if($this->isVip){
            global $flag;
            echo "your flag is ".$flag;
        }else{
            echo "no vip, no flag";
        }
    }
}
​
$username=$_GET['username'];
$password=$_GET['password'];
​
if(isset($username) && isset($password)){
    $user = unserialize($_COOKIE['user']);    
    if($user->login($username,$password)){
        if($user->checkVip()){
            $user->vipOneKeyGetFlag();
        }
    }else{
        echo "no vip,no flag";
    }
}

首先，get传入的username和password都是xxxxx

源码里面有

$user = unserialize($_COOKIE['user'])
$user->login($username,$password)

然后就是说，我们需要让反序列化后的结果是ctfshowUser的实例化对象，有因为只有$this->isVip为true才能是flag，所以反序列化的内容

web256