1.bugku backup is a good habit
URL: http: //123.206.87.240: 8002 / web16 /
Into nothing, I think the title says backup backup files, so the back straight and then add .bak
Get the source code:
<?php
/**
* Created by PhpStorm.
* User: Norse
* Date: 2017/8/6
* Time: 20:22
*/
include_once "flag.php";
the ini_set ( "the display_errors", 0);
$ = Strstr STR ($ _ SERVER [ 'the REQUEST_URI'], '?'); // Strstr (str1, str2 ) search string str1 str2, if obtained after the presence of the remaining portion is returned str2 and str2;
= substr STR $ (STR $,. 1); // PHP obtained substr () is omitted here, the third parameter length, the first one taken from beginning to end;
$ STR = str_replace ( 'Key', '', $ str); // str_replace ( "world", "on shanghai", "! the Hello world") to get inside the world hello world into shanghai
// Here the input parameters obtained with the empty string to replace the key, it is necessary to double the bypass key
parse_str($str);
echo md5($key1);
echo md5($key2);
if(md5($key1) == md5($key2) && $key1 !== $key2){
echo $flag."取得flag";
}
?>