[随波逐流]CTF Flags

[SUCTF 2019]Upload Labs 2

广告模块

ID：	7473
标题：	[SUCTF 2019]Upload Labs 2
描述：	https://github.com/team-su/SUCTF-2019/tree/master/Web/Upload%20Labs%202 admin.php: ``` <?php include 'config.php'; class Ad{ public $cmd; public $clazz; public $func1; public $func2; public $func3; public $instance; public $arg1; public $arg2; public $arg3; function __construct($cmd, $clazz, $func1, $func2, $func3, $arg1, $arg2, $arg3){ $this->cmd = $cmd; $this->clazz = $clazz; $this->func1 = $func1; $this->func2 = $func2; $this->func3 = $func3; $this->arg1 = $arg1; $this->arg2 = $arg2; $this->arg3 = $arg3; } function check(){ $reflect = new ReflectionClass($this->clazz); $this->instance = $reflect->newInstanceArgs(); $reflectionMethod = new ReflectionMethod($this->clazz, $this->func1); $reflectionMethod->invoke($this->instance, $this->arg1); $reflectionMethod = new ReflectionMethod($this->clazz, $this->func2); $reflectionMethod->invoke($this->instance, $this->arg2); $reflectionMethod = new ReflectionMethod($this->clazz, $this->func3); $reflectionMethod->invoke($this->instance, $this->arg3); } function __destruct(){ system($this->cmd); } } if($_SERVER['REMOTE_ADDR'] == '127.0.0.1'){ if(isset($_POST['admin'])){ $cmd = $_POST['cmd']; $clazz = $_POST['clazz']; $func1 = $_POST['func1']; $func2 = $_POST['func2']; $func3 = $_POST['func3']; $arg1 = $_POST['arg1']; $arg2 = $_POST['arg2']; $arg2 = $_POST['arg3']; $admin = new Ad($cmd, $clazz, $func1, $func2, $func3, $arg1, $arg2, $arg3); $admin->check(); } } else { echo "You r not admin!"; } ```
类型：	Web
网站：	BUUCTF
题目链接：	https://buuoj.cn/challenges#[SUCTF 2019]Upload Labs 2
赛事：	SUCTF 2019
年度：	2019
Flag值：	flag{fef7bf6b-fd3d-4142-8d08-29181ee9525d}
writeup：	https://www.cnblogs.com/LY613313/p/16325150.html

答案错误，我要更正