http://bmzclub.cn/challenges#rcee

BMZCTF: rcee (root directory)

you are in sandbox: c718030a6758042d932a08acf4a8c265
<?php
    $sandbox = md5("box".$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
    echo "you are in sandbox: ".$sandbox."<br/>";
    @mkdir($sandbox);
    chdir($sandbox);
    $command = $_GET['command'];
    if(strlen($command) < 8){
        system($command);
    }
show_source(__FILE__);

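The `command` parameter is passed straight to `system()`, so this is direct command execution; the only restriction is the length limit of 8 (the check is `strlen($command) < 8`).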

The flag is in the root directory.

Just run `cat /f*`, which is exactly 7 characters.
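
The length check limits how much is typed, not what the shell does with it, so it is not a sanitizer. As an added example (not part of the original writeup or the challenge's code), here is a hardened counterpart of the handler in which the request only selects from a fixed allowlist and the program is executed without a shell; the `action` parameter, the action names and the base directory are assumptions.

```php
<?php
// Added example: hardened counterpart to the challenge handler.
// The 'action' parameter, the action names and the base path are hypothetical.

// Fixed allowlist: the request selects a key, it never supplies command text.
const ACTIONS = [
    'list'  => ['ls', '-la', '--', '.'],
    'usage' => ['du', '-sh', '--', '.'],
];

function sandbox_dir(string $base, string $addr, string $agent): string
{
    // Same derivation as the challenge, but anchored under a fixed base directory.
    $dir = $base . '/' . md5('box' . $addr . $agent);
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException('cannot create sandbox');
    }
    return $dir;
}

function run_action(string $action, string $dir): string
{
    if (!array_key_exists($action, ACTIONS)) {
        throw new InvalidArgumentException('unknown action');
    }
    // The array form of proc_open (PHP >= 7.4) executes the program directly,
    // with no shell, so globs such as /f* and metacharacters are never expanded.
    $proc = proc_open(ACTIONS[$action], [1 => ['pipe', 'w']], $pipes, $dir);
    if (!is_resource($proc)) {
        throw new RuntimeException('exec failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

try {
    $base = sys_get_temp_dir() . '/boxes';
    $dir  = sandbox_dir($base, $_SERVER['REMOTE_ADDR'] ?? '', $_SERVER['HTTP_USER_AGENT'] ?? '');
    echo htmlspecialchars(run_action($_GET['action'] ?? '', $dir));
} catch (Throwable $e) {
    // Unknown action or execution failure: reject without echoing details.
    http_response_code(400);
}
```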
