PHP native class and its utilization

Table of contents

Foreword:

Find the native class of the file:

DirectoryIterator:

FilesystemIterator:

GlobIterator:

Native class for reading files:

SplFileObject:

Summarize:


Foreword:

I played a CTF a few days ago and encountered a challenge like this:

<?php
$a = $_GET['a'];
$b = $_GET['b'];
echo new $a($b);
?>

Obviously, the challenge provides no usable class of its own, so a PHP native class has to be used. As the name suggests, these are the classes that ship with PHP itself.
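As an added example (not code from the original challenge or post), here is the same endpoint rewritten so that the request selects from a fixed allowlist instead of naming a class; the Greeting/Farewell classes and the a/b query parameters are assumptions for illustration, and constructor promotion needs PHP 8.0+:

```php
<?php
// Added illustration, not code from the original post: the same
// `echo new $a($b)` pattern rewritten so the request can only select
// classes the application intends to expose. Greeting/Farewell and the
// query parameters a/b are assumed names for this example (PHP 8.0+).

final class Greeting
{
    public function __construct(private string $name) {}

    public function __toString(): string
    {
        return 'Hello, ' . htmlspecialchars($this->name, ENT_QUOTES, 'UTF-8');
    }
}

final class Farewell
{
    public function __construct(private string $name) {}

    public function __toString(): string
    {
        return 'Goodbye, ' . htmlspecialchars($this->name, ENT_QUOTES, 'UTF-8');
    }
}

// The request never carries a class name: it carries a key into this map,
// so SPL classes such as DirectoryIterator or SplFileObject are unreachable.
// A bare class_exists() check would not help, since it is true for them too.
const ALLOWED_CLASSES = [
    'greeting' => Greeting::class,
    'farewell' => Farewell::class,
];

function instantiateFromRequest(array $query): object
{
    $kind = $query['a'] ?? null;
    $arg  = $query['b'] ?? null;

    // is_string() also rejects array-valued parameters such as a[]=x
    if (!is_string($kind) || !array_key_exists($kind, ALLOWED_CLASSES)) {
        throw new InvalidArgumentException('unsupported type');
    }
    if (!is_string($arg) || strlen($arg) > 64) {
        throw new InvalidArgumentException('bad argument');
    }

    $class = ALLOWED_CLASSES[$kind];   // fixed, developer-chosen class name
    return new $class($arg);
}

echo instantiateFromRequest($_GET);
```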

Find the native class of the file:

DirectoryIterator:

This class can be combined with the glob:// pseudo-protocol to find files. It creates an iterator over the specified directory; when the object is echoed, DirectoryIterator's __toString() method is triggered, which outputs the first file name (after sorting) in the specified directory.

For example:

DirectoryIterator(glob://*flag*)

FilesystemIterator:

This class inherits from DirectoryIterator and is used in the same way as above.

GlobIterator:

As its name indicates, this class performs glob pattern matching on file paths itself, so there is no need to use the glob:// pseudo-protocol.

It can be used directly:

GlobIterator(*flag*)

Native class for reading files:

SplFileObject:

Once a sensitive file has been located with the file-finding native classes above, this class can be used to read its contents.

Echoing the object likewise triggers SplFileObject's __toString() method. (This class does not support wildcards, so the full file name must be obtained first.)

For example:

SplFileObject(flag.php)

But if the file name is passed directly, only the first line of the file is returned. To return the entire contents of the file, the php://filter pseudo-protocol must be used.

Summarize:

To play CTF you still need to learn more and practice more. The knowledge points that come up in challenges are all kinds of strange, so keep accumulating them and stick to one CTF challenge a day.

For more related articles, please check the author's blog: http://blog.byzhb.top/

Origin blog.csdn.net/Elite__zhb/article/details/129739647