<?php
error_reporting(0);

function noother_says_correct($temp)
{
    $flag = 'flag{test}';
    $one = ord('1');   // ord() returns the ASCII value of the character
    $nine = ord('9');  // ord() returns the ASCII value of the character
    $number = '3735929054';
    // Check all the input characters!
    for ($i = 0; $i < strlen($number); $i++) {
        // Disallow all the digits!
        $digit = ord($temp{$i});
        if (($digit >= $one) && ($digit <= $nine)) {
            // Aha, digit not allowed!
            return "flase";
        }
    }
    // Loose comparison: both sides are converted to numbers if they look numeric
    if ($number == $temp)
        return $flag;
}

$temp = $_GET['password'];
echo noother_says_correct($temp);
?>
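The password must compare equal to the number 3735929054, but it cannot contain any of the digits 1 to 9 (the filter only rejects the characters '1' through '9', so '0' and letters pass).
Convert the value to a hexadecimal number: 3735929054 is 0xdeadc0de. The check uses a loose == comparison, and PHP versions before 7 treat a hexadecimal string as a number in such a comparison, so '0xdeadc0de' compares equal to '3735929054'.
Payload: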
http://123.206.87.240:9009/20.php?password=0xdeadc0de
flag{Bugku-admin-ctfdaimash}
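A hardened form of the comparison, as an added example that is not part of the challenge or of the original writeup. The function name password_matches and the sample inputs are constructed for illustration; the block goes slightly beyond the writeup's single payload by also showing a decimal respelling and an array-typed parameter.

```php
<?php
// Added example, not the challenge's code. The name password_matches and
// the sample inputs below are constructed for illustration.

// Hardened replacement for the `$number == $temp` check:
// returns true only for a byte-for-byte match of two strings.
function password_matches($input, $expected)
{
    // ?password[]=x arrives as an array; refuse anything that is not a string.
    if (!is_string($input)) {
        return false;
    }
    // hash_equals() compares bytes in constant time and never converts
    // either side to a number, so "0xdeadc0de" is only a 10-byte string.
    return hash_equals($expected, $input);
}

$expected = '3735929054';
$samples = [
    '3735929054',     // the exact value
    '0xdeadc0de',     // the writeup's payload
    '3735929054.0',   // another numeric spelling of the same value
    ['3735929054'],   // array-typed parameter
];

foreach ($samples as $s) {
    // What the challenge does: loose ==, which juggles numeric strings.
    // For '0xdeadc0de' this is true before PHP 7 and false from PHP 7 on;
    // decimal respellings such as '3735929054.0' still match on current PHP.
    $loose  = is_string($s) && ($expected == $s);
    $strict = password_matches($s, $expected);
    printf(
        "%-14s loose=%-5s strict=%s\n",
        is_array($s) ? 'array' : $s,
        var_export($loose, true),
        var_export($strict, true)
    );
}
```

Run with the PHP CLI; the strict column accepts only the exact string, whichever PHP version is used.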