[NISACTF 2022]middlerce PHP利用PCRE回溯次数限制绕过某些安全限制 PHP利用PCRE回溯次数限制绕过某些安全限制 | 离别歌 (leavesongs.com) 代码: 1234567891011121314151617<?phpinclude "check.php";if (isset($_REQUEST['letter'])){ $txw4ever = $_REQUEST['letter']; if (preg_match('/^.*([\w]|\^|\*|\(|\~|\`|\?|\/| |\||\&|!|\<|\>|\{|\x09|\x0a|\[).*$/m',$txw4ever)){ die("再加把油喔"); } else{ $command = json_decode($txw4ever,true)['cmd']; checkdata($command); @eval($command); }}else{ highlight_file(__FILE__);}?>
