PHPCode
strcmp
Challenge description
<?php
include("flag.php");
highlight_file(__FILE__);
if (isset($_GET['a'])) {
    // strcmp compares two strings (case-sensitive): it returns < 0 if str1 is less than str2,
    // > 0 if str1 is greater than str2, and 0 if the two are equal.
    if (strcmp($_GET['a'], $flag) == 0)
        die('Flag: '.$flag);
    else
        print 'No';
}
?>
Syntax:
strcmp(str1,str2)
md5
Challenge description
<?php
error_reporting(0);
include("flag.php");
highlight_file(__FILE__);
if (isset($_GET['username']) and isset($_GET['password'])) {
    if ($_GET['username'] == $_GET['password'])
        print 'Your password can not be your username.';
    else if (md5($_GET['username']) === md5($_GET['password']))
        die('Flag: '.$flag);
    else
        print 'Invalid password';
}
?>
QNKCDZO
0e830400451993494058024219903391
240610708
0e462097431906509019562988736854
sha
Challenge description
<?php
include("flag.php");
highlight_file(__FILE__);
if (isset($_GET['name']) and isset($_GET['password'])){
    var_dump($_GET['name']);
    echo " ";
    var_dump($_GET['password']);
    var_dump(sha1($_GET['name']));
    var_dump(sha1($_GET['password']));
    if ($_GET['name'] == $_GET['password'])
        echo 'Your password can not be your name!';
    else if (sha1($_GET['name']) === sha1($_GET['password']))
        die('Flag: '.$flag);
    else
        echo 'Invalid password.';
}
else
    echo 'Login first!';
?>
hash
Challenge description
<?php
error_reporting(0);
include("flag.php");
$hashed_key = 'd1ae9ee95ff52b64fae95e565d57fb3943de636df77f77b96fb2290338aa11b2';
$parsed = parse_url($_SERVER['REQUEST_URI']);
if(isset($parsed["query"])){
    $query = $parsed["query"];
    $parsed_query = parse_str($query);
    if($parsed_query!=NULL){
        $action = $parsed_query['action'];
    }
    if($action === "auth"){
        $key = $_GET["key"];
        $hashed_input = hash('sha256', $key);
        if($hashed_input !== $hashed_key){
            die("no");
        }
        echo $flag;
    }
}else{
    highlight_file(__FILE__);
}?>
For example:
<?php
$url = 'http://username:password@hostname/path?arg=value#anchor';
$parsed = parse_url($url); // parse into an associative array
print_r($parsed);
echo "<br>";
$query = $parsed["query"]; // take the query element from the array
print($query);
echo "<br>";
var_dump($query);
$parsed_query = parse_str($query); // parse the query string
echo "<br>";
var_dump($parsed_query);
echo "<br>";
$action = $parsed_query['action'];
var_dump($action);
?>
Output:
Array ( [scheme] => http [host] => hostname [user] => username [pass] => password [path] => /path [query] => arg=value [fragment] => anchor )
arg=value
string(9) "arg=value"
NULL
NULL
?query=&hashed_key=2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6authc
md5equal
Challenge description
<?php
include("flag.php");
highlight_file(__FILE__);
$md51 = md5('QNKCDZO');
$a = @$_GET['a'];
$md52 = @md5($a);
if(isset($a)){
    if ($a != 'QNKCDZO' && $md51 == $md52) {
        echo $flag;
    } else {
        echo "false!!!";
    }
}
else{echo "please input a";}
?>
please input a
Original values and their MD5 hashes that begin with 0e:
QNKCDZO
0e830400451993494058024219903391
240610708
0e462097431906509019562988736854
s878926199a
0e545993274517709034328855841020
s155964671a
0e342768416822451524974117254469
......
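The comparisons from the challenges above in hardened form, as an added example that is not part of the original write-up or the challenge source. Function names and sample values are hypothetical; the two `0e` inputs are the ones listed above.

```php
<?php
declare(strict_types=1);

// Added example, not the challenge's code. All names and sample values are hypothetical.

// Compare a secret with request input: strings only, constant time, no type juggling.
function secret_equals(string $known, $supplied): bool
{
    return is_string($supplied) && hash_equals($known, $supplied);
}

// Check input against a stored hex digest without == or a bare === on hash() results.
function digest_matches(string $algo, string $expectedHex, $input): bool
{
    return is_string($input) && hash_equals($expectedHex, hash($algo, $input));
}

// Two inputs must differ as strings and still share a digest (the md5 and sha checks).
function distinct_inputs_same_digest(string $algo, $a, $b): bool
{
    if (!is_string($a) || !is_string($b) || $a === $b) {
        return false;
    }
    return hash_equals(hash($algo, $a), hash($algo, $b));
}

// Parse a query string into its own array. The one-argument form of parse_str()
// writes variables into the current scope and was removed in PHP 8.0.
function query_params(string $query): array
{
    $params = [];
    parse_str($query, $params);
    return $params;
}

// Constructed sample values, used only to exercise the functions above.
$flag       = 'flag{constructed-sample}';
$hashed_key = hash('sha256', 'constructed-server-key');
$params     = query_params('action=auth&hashed_key=client-supplied&key=guess');

var_dump(secret_equals($flag, ['non-string request value']));
var_dump(distinct_inputs_same_digest('md5', 'QNKCDZO', '240610708'));
var_dump(md5('QNKCDZO') == md5('240610708')); // loose == reads both 0e... digests as numbers
var_dump($hashed_key === hash('sha256', 'constructed-server-key')); // server value untouched
var_dump(digest_matches('sha256', $hashed_key, $params['key'] ?? null));
```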
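The above is purely my own approach; if you have a different view, please leave a comment to discuss.
The challenges come from WgpSec CTF (狼族安全团队 CTF)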