Brief explanation
Exception is a built-in PHP class: the base class used for handling exceptions.
Link
```php
class Exception implements Throwable
{
    /** The error message */
    protected $message;

    /** The error code */
    protected $code;

    /** The filename where the error happened */
    protected $file;

    /** The line where the error happened */
    protected $line;

    /**
     * Clone the exception
     * Tries to clone the Exception, which results in Fatal error.
     * @link https://php.net/manual/en/exception.clone.php
     * @return void
     */
    final private function __clone() { }

    /**
     * Construct the exception. Note: The message is NOT binary safe.
     * @link https://php.net/manual/en/exception.construct.php
     * @param string $message [optional] The Exception message to throw.
     * @param int $code [optional] The Exception code.
     * @param null|Throwable $previous [optional] The previous throwable used for the exception chaining.
     */
    #[Pure]
    public function __construct($message = "", $code = 0, Throwable $previous = null) { }

    /**
     * Gets the Exception message
     * @link https://php.net/manual/en/exception.getmessage.php
     * @return string the Exception message as a string.
     */
    #[Pure]
    final public function getMessage() { }

    /**
     * Gets the Exception code
     * @link https://php.net/manual/en/exception.getcode.php
     * @return mixed|int the exception code as integer in
     * <b>Exception</b> but possibly as other type in
     * <b>Exception</b> descendants (for example as
     * string in <b>PDOException</b>).
     */
    #[Pure]
    final public function getCode() { }

    /**
     * Gets the file in which the exception occurred
     * @link https://php.net/manual/en/exception.getfile.php
     * @return string the filename in which the exception was created.
     */
    #[Pure]
    final public function getFile() { }

    /**
     * Gets the line in which the exception occurred
     * @link https://php.net/manual/en/exception.getline.php
     * @return int the line number where the exception was created.
     */
    #[Pure]
    final public function getLine() { }

    /**
     * Gets the stack trace
     * @link https://php.net/manual/en/exception.gettrace.php
     * @return array the Exception stack trace as an array.
     */
    #[Pure]
    final public function getTrace() { }

    /**
     * Returns previous Exception
     * @link https://php.net/manual/en/exception.getprevious.php
     * @return Exception the previous <b>Exception</b> if available
     * or null otherwise.
     */
    #[Pure]
    final public function getPrevious() { }

    /**
     * Gets the stack trace as a string
     * @link https://php.net/manual/en/exception.gettraceasstring.php
     * @return string the Exception stack trace as a string.
     */
    #[Pure]
    final public function getTraceAsString() { }

    /**
     * String representation of the exception
     * @link https://php.net/manual/en/exception.tostring.php
     * @return string the string representation of the exception.
     */
    public function __toString() { }

    public function __wakeup() { }
}
```
Let's take a look at the __toString method here:
https://www.php.net/manual/zh/exception.tostring.php
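Going straight to command execution:
```php
<?php
$a = new Exception(phpinfo());
echo $a;
```
This prints the phpinfo output. The call is evaluated as the constructor argument, so it runs before the Exception object is built.
Direct command execution works nicely.
```php
<?php
$a = new Exception(system('whoami'));
echo $a;
```
```php
<?php
$a = new Exception(system("dir"));
echo $a->__toString();
```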
It is quite a versatile trick.
It shows up in quite a few CTF challenges.
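The snippets above work because PHP evaluates the argument expression before the constructor runs, and `echo` then goes through `__toString()`. The following is an added example, not code from the original post, that makes the order visible with a harmless function and shows a safer way to surface exceptions; `probe()`, `TracedException` and `render_error()` are hypothetical names.

```php
<?php
// Added example; probe(), TracedException and render_error() are hypothetical names.

// Harmless stand-in for the function call passed as the constructor argument.
function probe(array &$order): string
{
    $order[] = 'argument expression evaluated';
    return 'return value of probe()';
}

// Subclass that records when the constructor body actually starts.
class TracedException extends Exception
{
    public function __construct(string $message, array &$order)
    {
        $order[] = 'constructor entered';
        parent::__construct($message);
    }
}

$order = [];
$e = new TracedException(probe($order), $order);

// PHP evaluates arguments before calling the constructor, so probe() has
// already run; the exception only stores the string it returned.
print_r($order);
var_dump($e->getMessage());

// echo $e goes through __toString(), which appends file, line and stack trace
// to the message: internal details that should not reach a client.
$rendered = (string) $e;
var_dump(strpos($rendered, __FILE__) !== false);

// Safer handling: full details go to the server log, the client gets a fixed string.
function render_error(Throwable $e): string
{
    error_log(sprintf('%s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    return 'Internal error';
}

echo render_error($e), PHP_EOL;
```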