cc1
反序列化链的入口在InvokerTransformer类中:类中有一个public方法transform,里面使用了反射,而方法名、参数类型和参数都来自构造函数传入的字段,因此可以执行任意方法。 public InvokerTransformer(String methodName, Class[] paramTypes, Object[] args) { this.iMethodName = methodName; this.iParamTypes = paramTypes; this.iArgs = args; }public Object transform(Object input) { if (input == null) { return null; } else { try { Class cls = input.getClass(); Method m...
2025强网杯web ezphp分享
EZphp:base64解码得到 function generateRandomString($length = 8) { $characters = 'abcdefghijklmnopqrstuvwxyz'; $randomString = ''; for ($i = 0; $i < $length; $i++) { $r = rand(0, strlen($characters) - 1); $randomString .= $characters[$r]; } return $randomString; } date_default_timezone_set('Asia/Shanghai'); class test { public $readflag; public $f; public $key; public function __construct() &#...






