# 简单解释
Exception是PHP的内置类，用来处理异常的基类
https://www.php.net/manual/zh/class.exception.php

```php
class Exception implements Throwable {  
    /** The error message */  
    protected $message;  
    /** The error code */  
    protected $code;  
    /** The filename where the error happened  */  
    protected $file;  
    /** The line where the error happened */  
    protected $line;  
 
 
    /**  
     * Clone the exception     * Tries to clone the Exception, which results in Fatal error.     * @link https://php.net/manual/en/exception.clone.php  
     * @return void  
     */    final private function __clone() { }  
 
    /**  
     * Construct the exception. Note: The message is NOT binary safe.     * @link https://php.net/manual/en/exception.construct.php  
     * @param string $message [optional] The Exception message to throw.  
     * @param int $code [optional] The Exception code.  
     * @param null|Throwable $previous [optional] The previous throwable used for the exception chaining.  
     */    #[Pure]  
    public function __construct($message = "", $code = 0, Throwable $previous = null) { }  
 
    /**  
     * Gets the Exception message     * @link https://php.net/manual/en/exception.getmessage.php  
     * @return string the Exception message as a string.  
     */    #[Pure]  
    final public function getMessage() { }  
 
    /**  
     * Gets the Exception code     * @link https://php.net/manual/en/exception.getcode.php  
     * @return mixed|int the exception code as integer in  
     * <b>Exception</b> but possibly as other type in  
     * <b>Exception</b> descendants (for example as  
     * string in <b>PDOException</b>).  
     */    #[Pure]  
    final public function getCode() { }  
 
    /**  
     * Gets the file in which the exception occurred     * @link https://php.net/manual/en/exception.getfile.php  
     * @return string the filename in which the exception was created.  
     */    #[Pure]  
    final public function getFile() { }  
 
    /**  
     * Gets the line in which the exception occurred     * @link https://php.net/manual/en/exception.getline.php  
     * @return int the line number where the exception was created.  
     */    #[Pure]  
    final public function getLine() { }  
 
    /**  
     * Gets the stack trace     * @link https://php.net/manual/en/exception.gettrace.php  
     * @return array the Exception stack trace as an array.  
     */    #[Pure]  
    final public function getTrace() { }  
 
    /**  
     * Returns previous Exception     * @link https://php.net/manual/en/exception.getprevious.php  
     * @return Exception the previous <b>Exception</b> if available  
     * or null otherwise.     */    #[Pure]  
    final public function getPrevious() { }  
 
    /**  
     * Gets the stack trace as a string     * @link https://php.net/manual/en/exception.gettraceasstring.php  
     * @return string the Exception stack trace as a string.  
     */    #[Pure]  
    final public function getTraceAsString() { }  
 
    /**  
     * String representation of the exception     * @link https://php.net/manual/en/exception.tostring.php  
     * @return string the string representation of the exception.  
     */    public function __toString() { }  
 
    public function __wakeup() { }  
}
```

我这里去看看__toString方法
https://www.php.net/manual/zh/exception.tostring.php

看图就好了

 

 

# 直接来命令执行：
```php
<?php  
$a= new Exception(phpinfo());  
echo $a;```

就会输出phpinfo
直接命令执行就很好。
```php
<?php  
$a= new Exception(system('whoami'));  
echo $a;```

```php
<?php  
$a= new Exception(system("dir"));  
echo $a->__toString();
```
还挺万能东西

# CTF题
有挺多的，懒得列了