[MRCTF2020]Ez_bypass 1
https://buuoj.cn/
解题点:
1.MD5强碰撞
2.is_numerice() 绕过
代码审计:
if(isset($_GET['gg'])&&isset($_GET['id']))
{
$id=$_GET['id'];
$gg=$_GET['gg'];
if (md5($id) === md5($gg) && $id !== $gg)
{ echo 'You got the first step';
if(isset($_POST['passwd']))
{ $passwd=$_POST['passwd'];
if (!is_numeric($passwd))
{ if($passwd==1234567)
{ echo 'Good Job!';
highlight_file('flag.php');
die('By Retr_0'); }
else { echo "can you think twice??"; }
} else{ echo 'You can not get it !'; }
} else{ die('only one way to get the flag'); }
} else { echo "You are not a real hacker!"; }
} else{ die('Please input first'); } }
MD5碰撞用数组绕过:
?gg[]=111&id[]=222
passwd经过!is_numerice()不能为数字,且要弱等于1234567,即:
passwd=1234567a
参考:
https://www.cnblogs.com/xhds/p/12312223.html
https://www.cnblogs.com/Zhu013/p/11465859.html