# [NewStarCTF 公开赛赛道] UnserializeOne
<?phperror_reporting(0);highlight_file(__FILE__);#Something useful for you : https://zhuanlan.zhihu.com/p/377676274class Start{ public $name; protected $func; public function __destruct() { echo "Welcome to NewStarCTF,...
NewStarCTF2023 新生赛_BabySSTI_Three
之前用的是字符串逆序绕过,这里过滤了:,然后用十六进制绕过即可
def hex_payload(payload):
res_payload = ''
for i in payload:
i = "\\x" + hex(ord(i))[2:]
res_payload += i
print('[+]"{}" Convert to hex:...