This is a code audit.
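Flag in the variable!

```php
<?php
error_reporting(0);
include "flag1.php";
highlight_file(__FILE__);
if (isset($_GET['args'])) {
    $args = $_GET['args'];
    // Only word characters are allowed in the parameter
    if (!preg_match("/^\w+$/", $args)) {
        die("args error!");
    }
    // In a double-quoted string the first $ stays literal and $args is
    // interpolated, so eval runs var_dump($<value of args>);
    eval("var_dump($$args);");
}
?>
```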
Two places matter. The first is the regular expression: if the input does not match, the script dies immediately. The pattern should match a string of letters (more precisely `\w`: letters, digits and underscore). The most critical part is the final `$$args`, which is a variable variable: the value of `$args` is used as the name of another variable, so `$$args` refers to that other variable. So we give args a variable name and try PHP's nine global variables one by one.
- $_POST [receives data submitted by POST]
- $_GET [gets the parameter data from the URL address bar]
- $_FILES [for file handling; processing images is the most common use]
- $_COOKIE [used to get the name value set in setcookie()]
- $_SESSION [for storing a value in the session or getting a value from the session]
- $_REQUEST [combines the functions of GET and POST, but is slower]
- $_SERVER [one of the predefined server variables; everything beginning with $_SERVER is a predefined server variable]
- $GLOBALS [a global combined array containing all the variables]
- $_ENV [an array that contains server-side environment variables. It is a superglobal variable in PHP, and we can access it directly from anywhere in the PHP program]
When args=GLOBALS, the flag appears.
```
array(7) { ["GLOBALS"]=> *RECURSION* ["_POST"]=> array(0) { } ["_GET"]=> array(1) { ["args"]=> string(7) "GLOBALS" } ["_COOKIE"]=> array(0) { } ["_FILES"]=> array(0) { } ["ZFkwe3"]=> string "Flag{92853051ab894a64 F7865CF3C2128B34}" ["args"]=> string(7) "GLOBALS" }
```
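For the code-audit side of this challenge, the following added example (not part of the original challenge or write-up) shows why the `\w+` filter does not protect the flag and what a hardened lookup looks like. The variable names, the placeholder secret and the helper functions are constructed for illustration.

```php
<?php
// Added example with constructed stand-ins; not the challenge's real files or values.
$secret = 'flag{constructed-placeholder}'; // stands in for what flag1.php defines
$title  = 'Welcome';
$footer = 'Contact: admin';

// The challenge's filter: accepts any identifier-like string, GLOBALS included.
function passes_challenge_filter(string $args): bool
{
    return preg_match('/^\w+$/', $args) === 1;
}

// The source text the challenge would hand to eval() for a given input.
// Built here only as a string; it is never executed.
function eval_source(string $args): string
{
    return 'var_dump($' . $args . ');';
}

// Hardened form: no eval, no $$name. The request value is only ever used
// as a key into an explicit allowlist of values meant to be public.
function lookup_public(string $name, array $public): ?string
{
    return array_key_exists($name, $public) ? $public[$name] : null;
}

$public = ['title' => $title, 'footer' => $footer];

// Constructed inputs: a legitimate name, the superglobal, the secret's name, junk.
foreach (['title', 'GLOBALS', 'secret', 'a;b'] as $input) {
    $filter = passes_challenge_filter($input) ? 'pass' : 'reject';
    $value  = lookup_public($input, $public);
    printf(
        "%-8s filter=%-6s eval would run: %-22s hardened: %s\n",
        $input,
        $filter,
        $filter === 'pass' ? eval_source($input) : '(nothing)',
        $value === null ? 'denied' : $value
    );
}
```

The regex only constrains the shape of the name, not which variable it may refer to, so every variable in scope (and `$GLOBALS`, which contains them all) remains reachable; the allowlist closes that gap by naming the readable values explicitly.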
Bugku Variable 1