php代码分析

cml123

求大佬帮忙分析这段代码，怎么样读取文件

<?php
/**
    maybe you need get the contents in hint.php!

    Ohhhhh you don't know how to get it?

    Why don't you try readfile?
**/
error_reporting(0);
show_source(__FILE__);

Class Hello{

    public $filename;
    public $contents;

    public function __construct(){
        $this->filename = "hint.php";
        $this->contents = "you guess";
    }

    public function fileread(){
        echo "keep going";
    }
}

$a = $_GET["a"];
$b = $_GET["b"];
$c = $_GET["c"];
$d = $_GET["d"];
$e = $_GET["e"];
$f = $_GET["f"];
$g = $_GET["g"];


$class = new $a($b);
$str1 = substr($class->$c(),$d,$e);
$str2 = substr($class->$c(),$f,$g);
$str1($str2);

院主

show_source函数起到了关键性作用

cml123

院主 发表于 2021-12-20 16:01
show_source函数起到了关键性作用

具体要怎么构造呢，需要读取hint.php里面的内容

Arantist

不知道，php还不熟

btc001

$d,$e，$f,$g 都是数字
主要是分析 $a($b) 到底定义的是什么

闷骚小贱男

你发错版块了
请发『编程语言讨论求助区』：https://www.52pojie.cn/forum-74-1.html
或者『悬赏问答区』：https://www.52pojie.cn/forum-8-1.html

冰茶荼

$a=ReflectionClass，lz试试
千万不要删除注释哦
这道题的特色就在注释
没有注释无法获取哦

冰茶荼

[PHP] 纯文本查看 复制代码

<?php

/**
    maybe you need get the contents in hint.php!

    Ohhhhh you don't know how to get it?

    Why don't you try readfile?
**/
// error_reporting(0);
show_source(__FILE__);
Class Hello{

    public $filename;
    public $contents;

    public function __construct(){
        $this->filename = "hint.php";
        $this->contents = "you guess";
    }

    public function fileread(){
        echo "keep going";
    }
}

$a = $_GET["a"];
$b = $_GET["b"];
$c = $_GET["c"];
$d = $_GET["d"];
$e = $_GET["e"];
$f = $_GET["f"];
$g = $_GET["g"];

$class = new $a($b);
$str1 = substr($class->$c(),$d,$e);
$str2 = substr($class->$c(),$f,$g);
$str1($str2);
// var_dump($str2);
// $str1($str2);
?>

首先想到的是$a可能是反射类 ReflectionClass
然后用反射类的方法 getDocComment 获取注释
注释里面有 readfile方法名称 hint.php 文件名称
通过分割字符串 拼接方法，不是很难就是ReflectionClass 反射类平常不会用到


附成功截图