目录 [GXYCTF 2019]Ping Ping Ping 内联执行 [鹤城杯 2021]EasyP  ['PHP_SELF']、$_SERVER['SCRIPT_NAME'] 与 $_SERVER['REQUEST_URI'] RCE命令注入可参考： RCE漏洞及其绕过——[SWPUCTF 2021 新生赛]easyrce、caidao、babyrce-CSDN博客  [

[鹤城杯 2021]EasyP wp 参考博客： basename()绕过小结 request导致的安全性问题分析 源码分析 首先进入题目，看到代码： <?phpinclude 'utils.php';if (isset($_POST['guess'])) {$guess = (string) $_POST['guess'];if ($guess === $secret) {$mes

NSS [鹤城杯 2021]EasyP 直接给了源码 <?phpinclude 'utils.php';if (isset($_POST['guess'])) {$guess = (string) $_POST['guess'];if ($guess === $secret) {$message = 'Congratulations! The flag is: ' . $flag;} e