[CTF/Network Security] Detailed analysis of PHP2 problem solving in the offensive and defensive world
Translation: Can you authenticate this website?
index.php
index.php is a common file name, usually used in the root directory of the website in the web server. It is the default home page file name. When visiting a website, if no page file name is specified, the server will automatically load the index.php file.
In a web application, the index.php file is usually the entry file of the website. It contains the code to process user requests, interact with the database and generate relevant content of the page, etc. At the same time, it is one of the bridges connecting the back-end logic and the front-end interface.
no echo
.phps extension
The .phps extension is a special mode of PHP, also known as PHP PHP源代码查看器
, which displays PHP code in an HTML-like manner and highlights the code. This special mode is usually used for demos and sharing PHP code, not as the main file extension in production environments.
GET /index.phps
, the echo is as follows: This code decodes the id parameter in the HTTP request and compares it with . If they are equal , access is granted and a字符串admin
密钥值
posture
Since the browser will 一次
URL-decode the GET parameters, the urldecode function will further URL-decode the parameters. Encode the URL of admin twice, and then GET the parameters.
admin
URL Encoding —> %61%64%6D%69%6E
URL Encoding —>%2561%2564%256D%2569%256E
The problem solving is over, this article involves knowledge points .phps
and 浏览器对于参数的解码
I am Qiu said , see you next time.