Seize two tips:
1.md5 collision
2.please input a
== 0 is set up using the string, which can bypass the MD5 checksum.
So find a md5 is the value at the beginning of 0e, because the string php when dealing == encountered when one side is beginning to put the string of a string of 0e considered scientific notation, so that 0
So payload: ? A = s878926199a
s155964671a
s214587387a
s214587387a
s878926199a
pick a
