CTF: PHP code audit and regular expression notes

1. The PHP superglobal $GLOBALS references all variables available in the global scope. It is an associative array containing every global variable; the name of each variable is its key in the array.

Challenge hint: "flag In the variable!"

<?php

error_reporting(0);
include "flag1.php";
highlight_file(__file__);
if(isset($_GET['args'])){
    $args = $_GET['args'];
    if(!preg_match("/^\w+$/",$args)){
        die("args error!");
    }
    eval("var_dump($$args);");
}
?>

The regular expression "/^\w+$/" requires the whole string to consist of word characters: \w means a letter, digit or underscore (a-z, A-Z, 0-9, _). If the input does not match, the script outputs "args error!" and exits.

The two `/` characters mark the beginning and end of the regular expression, `^` anchors the start of the string, `$` anchors the end, and `+` means one or more `\w`.

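PHP lets the value of one variable be used as the name of another variable (a variable variable): $$args. Combine this with the hint, "flag In the variable!".

So construct the payload: URL?args=GLOBALS

GLOBALS consists only of word characters, so it passes the regular expression, and $$args resolves to $GLOBALS. Every global variable is dumped, including the flag.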
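The following is an added example, not code from the original post: it runs the challenge's filter next to a hardened lookup that replaces eval and $$args with an explicit allow-list. The function names, the `$exposed` array and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original post. All names and values are constructed.

// Constructed globals standing in for whatever the included file defines.
$secret = 'flag{constructed-placeholder}';
$banner = 'hello';
$count  = 3;

// The challenge's filter, unchanged: any run of word characters passes,
// which includes names the author never meant to expose.
function passes_challenge_filter(string $args): bool
{
    return preg_match('/^\w+$/', $args) === 1;
}

// Hardened lookup (hypothetical helper): no eval, no variable variables.
// Only keys present in the allow-list can ever be read.
function dump_allowed(string $name, array $exposed): string
{
    if (!array_key_exists($name, $exposed)) {
        return 'args error!';
    }
    return var_export($exposed[$name], true);
}

// Explicit allow-list of values that are safe to show.
$exposed = ['banner' => $banner, 'count' => $count];

// Compare both checks on the same inputs.
foreach (['banner', 'count', 'secret', 'GLOBALS'] as $candidate) {
    printf(
        "%-8s filter=%-6s hardened=%s\n",
        $candidate,
        passes_challenge_filter($candidate) ? 'pass' : 'reject',
        dump_allowed($candidate, $exposed)
    );
}
```

The character-class filter passes all four names, while the allow-list answers only for `banner` and `count`.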


Origin blog.csdn.net/liushulin183/article/details/80624764