<?
php
error_reporting(0
);
function noother_says_correct(
$temp)
{
$flag = 'flag{test}'
;
$one =
ord('1');
//ord — 返回字符的 ASCII 码值
$nine =
ord('9');
//ord — 返回字符的 ASCII 码值
$number = '3735929054'
;
// Check all the input characters!
for (
$i = 0;
$i <
strlen(
$number);
$i++
)
{
// Disallow all the digits!
$digit =
ord(
$temp{
$i});
if ( (
$digit >=
$one) && (
$digit <=
$nine) )
{
// Aha, digit not allowed!
return "flase"
;
}
}
if(
$number ==
$temp)
return $flag;
}
$temp =
$_GET['password'
];
echo noother_says_correct(
$temp);
?>
password包含number的值3735929054,又不能有1和9
将number的值转化为16进制
payload
http://123.206.87.240:9009/20.php?password=0xdeadc0de
flag{Bugku-admin-ctfdaimash}
转载于:https://www.cnblogs.com/gaonuoqi/p/11408145.html
