<?php
include("secret.php");
function waf($s){
$blocklist='php_elephant';
if(strpos($s,$blocklist)!==false){
die('No Hacking!');
}
}
if(isset($_POST['php_elephant'])){
if(!strcmp($elephant, $_POST['php_elephant'])){
$data = file_get_contents('php://input');
waf($data);
die("FLAG: flag{xxxxxx}");
}else{
die("WRONG");
}
}
?>
有没有师傅能帮忙看一下这道题,怎么构造payload。
