Bugku ex-girlfriend

Others 2019-11-28 23:58:38 views: null

Open title directly tell us php is the world's best language. . .

View source

 

 

Found a code.txt hyperlink

I should point into what he said php code

 

 

Analysis Code

If there GET incoming v1 and there GET incoming v2 and there GET incoming v3

Define the variable v1v2v3 are equal GET incoming v1v2v3

If v1 is not equal to v2 and v1 of md5 weakly encrypted equal md5 encrypted v2

If v3 value is equal to the flag value of the outputs of the flag . . . .

Here it is clear to resort to using md5 bypass and strcmp Function Vulnerability

先是md5弱碰撞在网上有很多绕过的方法,这里等于QNKCDZOaabg7XS就行了

然后是strcmp的绕过,我们只需要定义v3为数组或则全局变量object就可以了

构造urlhttp://123.206.31.85:49162/?v1=QNKCDZO&v2=aabg7XSs&v3[]=1

得到flag

 

 

 

Guess you like

Origin www.cnblogs.com/wosun/p/11954883.html
Recommended
NetBSD bans submission of code generated by AI
Ranking
Talk dubbo of LRUCache
Chapter 1 Learning Summary
Introduction to Virtualization
pytorch 调用lstm
Six modules
[8086] The natural number of 1 to 36 into a 6x6 two-dimensional array of line-sequentially, and then print out the lower left half of the triangular array
mybatis mapper mapping file $ # {} {} understanding and
C language input and output buffer
c language floating-point input and output
andorid P version compatible, refer to Huawei
Daily
More
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)

Code World

© 2018 codetd.com