Open title directly tell us php is the world's best language. . .
View source
Found a code.txt hyperlink
I should point into what he said php code
Analysis Code
If there GET incoming v1 and there GET incoming v2 and there GET incoming v3
Define the variable v1v2v3 are equal GET incoming v1v2v3
If v1 is not equal to v2 and v1 of md5 weakly encrypted equal md5 encrypted v2
If v3 value is equal to the flag value of the outputs of the flag . . . .
Here it is clear to resort to using md5 bypass and strcmp Function Vulnerability
先是md5弱碰撞在网上有很多绕过的方法,这里等于QNKCDZO和aabg7XS就行了
然后是strcmp的绕过,我们只需要定义v3为数组或则全局变量object就可以了
构造url:http://123.206.31.85:49162/?v1=QNKCDZO&v2=aabg7XSs&v3[]=1
得到flag