Most of the questions I have done recently are code audits. In addition to some questions I have done before, I want to sort out the function loopholes encountered and take them as notes.
①md5( ) function vulnerability
md5($a)==md5($b)
php use! When = or == is weakly compared, the hash value starting with 0e will be interpreted as 0
Common payloads
QNKCDZO
s878926199a
s214587387a
②Construct a number that satisfies the conditions:
$number is not a number; $number==strval(intval($number)); $number is not a palindrome
Let's look at the operating system here. The 32-bit signed int range is -2147483648~2147483647
;
Available payloads
32nd place: 2147483647
% 00;% 00
2147483647; 2147483647 % 20
64th place: 9223372036854775807 % 00;% 00 9223372036854775807; 9223372036854775807 % 20
%00 can be placed before and after the number, and %20 can only be placed after; the %00 or %20 here can interpret the number as a string
There is another way, constructing 0=0
payload
0e-0% 00
③sha1 function
sha1($_GET['name']) === sha1($_GET['password'])
Construct usl?name[]=admin&password[]=123