Viewing the page source reveals the keyword calc.php.
This gives the code:
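```php
<?php
error_reporting(0);
if (!isset($_GET['num'])) {
    // No input: print this file's own source
    show_source(__FILE__);
} else {
    $str = $_GET['num'];
    // Blacklist of regex fragments: letters, bytes 0x7f-0xff, whitespace,
    // quotes, backtick, square brackets, $, _, backslash, ^ and comma
    $blacklist = ['[a-z]', '[\x7f-\xff]', '\s', "'", '"', '`', '\[', '\]', '\$', '_', '\\\\', '\^', ','];
    foreach ($blacklist as $blackitem) {
        // /i makes the letter check case-insensitive
        if (preg_match('/' . $blackitem . '/im', $str)) {
            die("what are you want to do?");
        }
    }
    // Whatever survives the blacklist is evaluated as a PHP expression
    @eval('echo ' . $str . ';');
}
?>
```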
It filters out a number of things.
Fuzz to find which characters are still usable.
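The fuzzing step as an added example (not code from the original post): a Python port of the blacklist that tests every single byte value and reports which ones pass. It assumes Python's `re` on bytes behaves like PHP's `preg_match` for these particular patterns; the function names are made up for this example.

```python
import re

# Blacklist from calc.php as the regex engine receives it
# (PHP single-quoted '\\\\' reaches PCRE as \\, i.e. one literal backslash).
BLACKLIST = [
    rb"[a-z]", rb"[\x7f-\xff]", rb"\s", rb"'", rb'"', rb"`",
    rb"\[", rb"\]", rb"\$", rb"_", rb"\\", rb"\^", rb",",
]

# preg_match('/.../im') maps to IGNORECASE | MULTILINE. Bytes patterns keep
# \s and [a-z] ASCII-only, as PCRE does without the /u modifier (assumption).
PATTERNS = [re.compile(p, re.I | re.M) for p in BLACKLIST]


def is_blocked(data: bytes) -> bool:
    """True if calc.php would die() on this input."""
    return any(p.search(data) for p in PATTERNS)


def surviving_bytes() -> bytes:
    """Every single-byte value that passes the whole blacklist."""
    return bytes(b for b in range(256) if not is_blocked(bytes([b])))


def summarize(survivors: bytes):
    """Split survivors into printable ASCII and control bytes."""
    printable = bytes(b for b in survivors if 0x21 <= b <= 0x7E).decode("ascii")
    control = [b for b in survivors if b < 0x20]
    return printable, control


if __name__ == "__main__":
    printable, control = summarize(surviving_bytes())
    print("printable survivors:", printable)
    print("control survivors  :", " ".join(f"{b:02x}" for b in control))
```

The surviving set is the digits plus a range of operators and brackets, so the string that reaches `eval` is not restricted to numbers.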
- Post link: https://roboterh.github.io/2021/12/06/RCTF2020-calc%E5%A4%8D%E7%8E%B0/