\u4f7f\u7528post\u4f20\u53c2\uff0c\u53d1\u73b0\u6709\u8fc7\u6ee4\n<\/p>\n
\u5c1d\u8bd5\u8bfb\u53d6index.php\n
$path = $_POST["flag"];<\/p>\n
if (strlen(file_get_contents(‘php:\/\/input’)) < 800 && preg_match(‘\/flag\/’, Extra open brace or missing close brace<\/title><g data-mml-node=\"mtext\" style=\"fill: red; stroke: red; font-family: serif;\"><text data-variant=\"-explicitFont\" transform=\"scale(1,-1)\" font-size=\"884px\">path)) { echo ‘nssctf waf!’; } else { @include(<\/text><\/g><\/g><\/g><\/g><\/svg><mjx-assistive-mml unselectable=\"on\" display=\"inline\" style=\"top: 0px; left: 0px; clip: rect(1px, 1px, 1px, 1px); -webkit-touch-callout: none; -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; position: absolute; padding: 1px 0px 0px 0px; border: 0px; display: block; width: auto; overflow: hidden;\"><math xmlns=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><merror data-mjx-error=\"Extra open brace or missing close brace\" title=\"Extra open brace or missing close brace\"><mtext>path)) { echo ‘nssctf waf!’; } else { @include(<\/mtext><\/merror><\/math><\/mjx-assistive-mml><\/mjx-container>path);<br \/>\n}<br \/>\n?><\/p>\n<p>\u8fd9\u6bb5 PHP \u4ee3\u7801\u901a\u8fc7 POST \u83b7\u53d6<code>flag<\/code>\u53c2\u6570\u503c\u8d4b\u7ed9<code>$path<\/code>\uff0c\u82e5 POST \u6570\u636e\u957f\u5ea6\u5c0f\u4e8e 800 \u4e14<code>$path<\/code>\u542b<code>flag<\/code>\u5c31\u8f93\u51fa\u63d0\u793a\uff0c\u5426\u5219\u5c1d\u8bd5\u5305\u542b<code>$path<\/code>\u6307\u5b9a\u6587\u4ef6\u3002\uff08\u53ea\u9700\u8981\u4e0d\u6ee1\u8db3\u4e00\u4e2a\u6761\u4ef6\u5c31\u884c\uff09<br \/>\nphp:\/\/input\uff1a\u5c06post\u4f20\u9012\u7684\u6570\u636e\u5f53\u4f5c\u4ee3\u7801\u6267\u884c<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241130112624.png\" alt=\"Pasted image 20241130112624.png\"><\/p>\n<p>\u89e3\u7801\uff1a<br \/>\n<?php =’NSSCTF{2fd0ccf6-aa21-4c83-b669-a3d0585056e5}’;<br \/>\n?><\/p>\n<h3>\u603b\u7ed3<\/h3>\n<h4>php\u4f2a\u534f\u8bae\uff1a<\/h4>\n<p>php:\/\/input\uff1a\u5c06POST\u4f20\u9012\u7684\u6570\u636e\u5f53\u4f5cphp\u4ee3\u7801\u6267\u884c<br \/>\nphp:\/\/filter:\u8bfb\u53d6\u6587\u4ef6\u5185\u5bb9<\/p>\n<h4>\u6587\u4ef6\u5305\u542b<\/h4>\n<p>include\uff08\uff09\u5305\u542b\u51fd\u6570<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4f7f\u7528post\u4f20\u53c2\uff0c\u53d1\u73b0\u6709\u8fc7\u6ee4 \u5c1d\u8bd5\u8bfb\u53d6index.php \u89e3\u7801\u540e\u7684\u7ed3\u679c\uff1a <?php $path = $ […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,22,23],"tags":[31,28,27],"class_list":["post-954","post","type-post","status-publish","format-standard","hentry","category-ctf","category-ctf-web","category-nssctf","tag-php","tag-27"],"_links":{"self":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=954"}],"version-history":[{"count":1,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/954\/revisions"}],"predecessor-version":[{"id":955,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/954\/revisions\/955"}],"wp:attachment":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=954"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Pasted](\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\")
![\"Pasted](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241130110839.png\")
<\/div>![\"Pasted](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241130110920.png\")
<\/p>\n![\"Pasted](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241130110959.png\")
<\/p>\n![\"Pasted](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241130112301.png\")
<\/div>