Simple methods to bypass PHP md5 () function, as the study notes that the article simply record it.
example
Link example:
http://ctf5.shiyanbar.com/web/houtai/ffifdyop.php
The main code segment:
1 $password=$_POST['password']; 2 $sql = "SELECT * FROM admin WHERE username = 'admin' and password = '".md5($password,true)."'"; 3 $result=mysqli_query($link,$sql); 4 if(mysqli_num_rows($result)>0){ 5 echo 'flag is :'.$flag; 6 } 7 else{ 8 echo '密码错误!'; 9 }
PHP md5 () function
MD5 () function MD5 hash calculated string.
md5 () function uses the RSA Data Security, including the MD5 message digest algorithm.
From RFC 1321 explains - MD5 message digest algorithm: MD5 message digest algorithm arbitrary length information as an input value, and converted it into a 128-bit "fingerprint" or "message digest" value to represent the input value, and is converted value as a result. MD5 algorithm primarily for digital signature applications designed; digital signature in this application, large files will be encrypted (by encryption process here is in a cryptographic system: a public key [such as the RSA] in set the private key and completed) in a secure manner before compression.
To calculate the MD5 hash of the file, use the md5_file () function.
Syntax: md5 (string, raw)
String : encrypted string required
RAW : optional parameter TRUE or FALSE. FALSE (the default, 32-character hexadecimal number); TRUE (binary format of the original character 16
)
Workaround
Using MD5 () function of the encrypted string reaches sql injection, destruction sql statement structure.
Common string: ffifdyop
In the above examples, the Enter ffifdyop, sql statement structure becomes:
SELECT * FROM admin WHERE pass = ''or'6<trash>'
So as to achieve the effect of bypassing MD5 () function
Thus the simple end of the study notes.