docs(web/php-class): add writeup, update source code #54

Merged
merged 7 commits into from
Nov 1, 2024
2 changes: 1 addition & 1 deletion .github/workflows/web.php_class.yml
@@ -2,7 +2,7 @@ name: Challenge PHP Class

on:
push:
branches: ["main"]
branches: ["main", "web/php-class"]
paths:
- "!**/README.md"
- "challenges/web/php_class/build/**"
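Review bot: adding `web/php-class` to `on.push.branches` makes every push to the feature branch run the same workflow as `main`. Once this PR is merged and the branch is deleted the entry is dead configuration, and while the branch exists any later publish step that is not conditioned on the ref lets a work-in-progress push overwrite whatever `main` last produced. Either drop the extra branch from the trigger in the merge commit, or keep it for build/test only and guard publishing with `if: github.ref == 'refs/heads/main'`.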
79 changes: 69 additions & 10 deletions challenges/web/php_class/README.md
@@ -1,16 +1,75 @@
# PHP Class
---
title: PHP Class
author: SMJB
difficulty: Normal
category: Web
image: ghcr.io/svuctf/svuctf-helloworld-2024/php_class:latest
port: 80
writeup_author: 13m0n4de
tags:
- php
reference:
---

- 作者:-
- 参考:-
- 难度:-
- 分类:Web
- 镜像:-
- 端口:-
# PHP Class

## 题目描述

<description>

## 题目解析

<analysis>
以下是对题目源码的详细解释:

```php
<?php

include("flag.php"); // 引入 flag.php

highlight_file(__FILE__); // 输出当前文件源码

// 定义 SVUCTF 类
class SVUCTF
{
// 定义类属性,public 代表可以被外部访问和修改
public $username = "admin";
public $password = "H3ll0_W0rld!";
public $vip = false;

// 登录方法,接收用户名和密码两个参数
public function login($u, $p)
{
// 如果密码为预定义的 vip 用户名和密码,设置 vip 属性为 true
if ($this->username === $u && $this->password === $p) {
$this->vip = true;
}
return $this->vip; // 返回 vip 属性的值
}
}

if (isset($_GET["username"]) && isset($_GET["password"])) { // 检查是否传入 GET 参数
$svu = new SVUCTF(); // 创建 SVUCTF 实例
if ($svu->login($_GET["username"], $_GET["password"])) { // 调用实例的 login 方法
echo ("Welcome, " . $svu->username . ".<br>");
echo ("Flag: " . $flag); // flag 变量来自 flag.php
} else {
echo ("You are not VIP!");
}
} else {
echo ("Input your params!");
}
```

所以只需要 GET 传入正确的用户名和密码:

```
http://<IP>:<PORT>/?username=admin&password=H3ll0_W0rld!
```

## 其他

验题的时候很纠结,看着是想要考察对于 PHP 类的基本知识,但只要识别出需要发送的 GET 请求数据就能获得 Flag,据说确实有选手是这么写的。

但如果专注于 PHP 类的知识,把类做得复杂,代码审计量就有点过头了,甚至越过了反序列化那题的难度。

难度给到了 Normal,对于题目设计初衷来说确实符合,但事实可能不然。

比较尴尬的题目。
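Review bot: the solve URL (`?username=admin&password=H3ll0_W0rld!`) matches only the rewritten `index.php` in this same PR; the previous build read `svu_u`/`svu_p` and expected `HELLOWORLD`, so the writeup is wrong for any deployment that has not picked up the rebuilt image, and the two files should land together. Two smaller points: the comment above the `if` in `login()` says the branch fires when the password equals the predefined VIP username and password, but the condition requires both `$this->username === $u` and `$this->password === $p`, so it should say that username and password must both match; and the `reference:` front-matter key is left empty while the `## 题目描述` section still holds the `<description>` placeholder, so fill both or remove the empty key before merging.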
40 changes: 19 additions & 21 deletions challenges/web/php_class/build/html/index.php
@@ -1,34 +1,32 @@
<?php

include("flag.php");

highlight_file(__FILE__);

class SVUCTF
{
public $username;
public $password;
private $vip = false;
public $username = "admin";
public $password = "H3ll0_W0rld!";
public $vip = false;

public function __construct($username, $password)
public function login($u, $p)
{
if ($username === "admin" && $password === "HELLOWORLD") {
if ($this->username === $u && $this->password === $p) {
$this->vip = true;
}
$this->username = $username;
$this->password = $password;
}

public function getFlag()
{
if ($this->vip) {
include 'flag.php';
echo $flag;
} else {
echo "Welcome to the SVUCTF, " . $this->username;
}
return $this->vip;
}
}

if (isset($_GET["svu_u"]) && isset($_GET["svu_p"])) {
$svuctf = new SVUCTF($_GET["svu_u"], $_GET["svu_p"]);
$svuctf->getFlag();
}
if (isset($_GET["username"]) && isset($_GET["password"])) {
$svu = new SVUCTF();
if ($svu->login($_GET["username"], $_GET["password"])) {
echo ("Welcome, " . $svu->username . ".<br>");
echo ("Flag: " . $flag);
} else {
echo ("You are not VIP!");
}
} else {
echo ("Input your params!");
}
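Review bot: `$vip` goes from `private $vip = false;` to `public $vip = false;` with no reader or writer outside the class; `login()` is the only code that sets it, so keep it `private` unless exposing it is a deliberate hint, since a public flag property invites solvers to hunt for a property-injection path that this script does not have. Separately, moving `include("flag.php")` to the top loads `$flag` on every request; `highlight_file(__FILE__)` prints only `index.php`, so the flag is not leaked that way, but with the include resolving relative to `build/html/`, `flag.php` appears to sit next to `index.php` and is itself web-reachable. Make sure it is a PHP file that only assigns `$flag` (so a direct `GET /flag.php` renders nothing), or move it above the web root and include it by absolute path.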