这次呢是做下web中代码审计的,比较简单。下面是要审计代码。
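<?php
// Send this file's own source back to the client (intentional for the
// challenge) and silence every PHP diagnostic for the rest of the request.
show_source(__FILE__);
error_reporting(0);

// Blacklist of function names the request parameter must not contain.
// "ini_set" appears twice in the original list; the duplicate is harmless.
$disable_fun = [
    "assert", "print_r", "system", "shell_exec", "ini_set", "scandir", "exec",
    "proc_open", "error_log", "ini_alter", "ini_set", "pfsockopen", "readfile",
    "echo", "file_get_contents", "readlink", "symlink", "popen", "fopen", "file",
    "fpassthru",
];

// Widen the blacklist to every built-in function name: get_defined_functions()
// returns ['internal' => [...], 'user' => [...]] and only the internal names
// are appended here.
$disable_fun = array_merge($disable_fun, get_defined_functions()['internal']);

// The quoted key fixes the bare-constant lookup (a warning in PHP 7, an Error
// in PHP 8); the '' default keeps stristr()/eval() from receiving null when
// the parameter is absent.
$shell = $_GET['shell'] ?? '';

// Case-insensitive substring check: any listed name found anywhere in the
// input terminates the request with the string 'xmctf'.
foreach ($disable_fun as $i) {
    if (stristr($shell, $i) !== false) {
        die('xmctf');
    }
}

// SECURITY: eval() on request-controlled input is code execution by design;
// that is the exercise. A substring blacklist is not a sound control for an
// eval sink and this pattern must not be reused outside the challenge.
eval($shell);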
按照顺序分析代码。
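<?php
// Print this file's contents back to the client.
show_source(__FILE__);
// Turn off error reporting.
error_reporting(0);

// Define a list holding the function names that would be used to exploit
// the inclusion/execution sink below. ("ini_set" is listed twice; harmless.)
$disable_fun = [
    "assert", "print_r", "system", "shell_exec", "ini_set", "scandir", "exec",
    "proc_open", "error_log", "ini_alter", "ini_set", "pfsockopen", "readfile",
    "echo", "file_get_contents", "readlink", "symlink", "popen", "fopen", "file",
    "fpassthru",
];

// array_merge() joins the elements of one or more arrays, appending each
// array's values after the previous one; get_defined_functions() lists all
// functions and returns a two-dimensional array, of which only the
// 'internal' (built-in) names are merged here.
$disable_fun = array_merge($disable_fun, get_defined_functions()['internal']);

// Quoted key instead of the bare constant `shell` (an Error in PHP 8); the
// '' default avoids passing null to stristr()/eval() when the parameter is
// missing.
$shell = $_GET['shell'] ?? '';

// foreach() iterates over the array.
foreach ($disable_fun as $i) {
    // stristr() is a case-insensitive substring search; a hit anywhere in the
    // input aborts the request with 'xmctf'.
    if (stristr($shell, $i) !== false) {
        die('xmctf');
    }
}

// SECURITY: eval() of request input is the code-execution sink this audit
// is about; a substring blacklist in front of it is not a sound control.
eval($shell);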
--------------------------------------------------吃饭-----------------------------------------------
原文:https://www.cnblogs.com/zi-Chuan/p/12463170.html