Blasting -1

Opening the challenge, the hint tells us the flag is hidden in a six-character variable.

Click the link.

We see some PHP code.

Roughly, it means the following:

Here the flag.php file is included (a hidden file we cannot see).

$a is @$_REQUEST['hello'], meaning $a takes the value of the request parameter hello.

Then $a is matched against a pattern; if it does not match, an error is output. In other words our $a, i.e. hello, must satisfy the definition of a string.

Then an eval function: it evaluates the string as PHP code.

The conversion means $a is turned into a string and then used as a variable name.

Then the var_dump function.

This displays the value of $$a in order.

$$a uses the value of $a as a variable name: for example, if $a = 123 then $$a = $123.

The information printed here is the value assigned to $a: for example, if $a=123456, then what gets printed is the string var_dump(123456).

The last line, show_source(__FILE__), does nothing useful; it only syntax-highlights the PHP code for easier reading.

So this challenge asks us to guess the value of $a, which is six characters long; if we get it right, it is printed via var_dump.

So we could brute-force it here, and since $a is assigned from hello, that means we only need to assign a value to hello.

Solving

Send a value for hello via POST to the URL; the value must be a string. If $hello exists, something is displayed; otherwise NULL is returned. We could brute-force hello as a six-character string here, but that is too much trouble. Instead, use the global variable array GLOBALS: set hello to GLOBALS, so $hello resolves to any of the global variables, and var_dump prints out every value $hello could have been assigned.
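As an added example (not the challenge's source and not the original author's code), the snippet below reconstructs the shape of the page described above, with $a taken from the request, a weak check, and eval + var_dump($$a), and places beside it a version that resolves names only from an explicit allowlist, so that neither the flag nor $GLOBALS can be reached by name. It illustrates both the $$a explanation and the GLOBALS trick. The regex /^\w*$/, the flag placeholder and the sample table are assumptions, not values from the page.

```php
<?php
// Added example, not the challenge's own source. The regex, the flag
// placeholder and the sample values are constructed assumptions.
declare(strict_types=1);

// Reconstructed shape of the challenge page: returns what it would print
// for a given value of the request parameter hello.
function challenge_dump(string $a): string
{
    $flag = 'flag{constructed_sample}';   // stands in for the included flag.php
    if (!preg_match('/^\w*$/', $a)) {    // assumed check: letters, digits, underscore
        return 'ERROR';
    }
    ob_start();
    // $$a resolves the request value as a variable name:
    // "flag" -> $flag, "GLOBALS" -> $GLOBALS (the whole global table on the
    // PHP version the writeup targeted; newer PHP restricts some $GLOBALS uses).
    eval('var_dump($$a);');
    return (string) ob_get_clean();
}

// Hardened shape: the request value is a key into an explicit table, never
// a variable name, so a caller can only ever see what the table exposes.
function hardened_dump(string $name): string
{
    $flag = 'flag{constructed_sample}';   // still present, but unreachable by name
    $exposed = [                          // constructed allowlist of addressable names
        'greeting' => 'hello world',
        'version'  => '1.0',
    ];
    if (!array_key_exists($name, $exposed)) {
        return 'NULL';                    // unknown name: no lookup, no detail leaked
    }
    return var_export($exposed[$name], true);
}

// Demo: the same inputs against both versions.
foreach (['greeting', 'flag', 'GLOBALS'] as $input) {
    printf("%-8s challenge: %s\n", $input, trim(challenge_dump($input)));
    printf("%-8s hardened : %s\n", $input, hardened_dump($input));
}
```

Run it with php on the command line: the challenge version prints the placeholder flag for "flag" and dumps the global table for "GLOBALS", while the hardened version answers NULL to both, because the user-controlled string never becomes a variable name.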

We get the flag.

The value of hello here is d3f0f8, which is indeed a six-character string.

If we brute-forced it, I think we could also get it, but it would be a bit more troublesome.

When submitting, copy the entire flag and submit it, for example copy flag{123141} and submit that.


Source: www.cnblogs.com/wosun/p/11240942.html