Exercise 1
PHP code:
<?php
error_reporting(0);
highlight_file("pass-01.php");
if(isset($_GET["pass"])){
    if($_GET["pass"] != hash("md4", $_GET["pass"])){
        die('fail~~~');
    }else{
        echo "success!!!<br>";
        echo file_get_contents('flag.txt')."\n";
        echo "<a href='pass-02.php'>下一关</a>";
    }
}else{
    echo "please input the pass";
}
?>
Page output: please input the pass
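Function reference:
isset()
Code audit:
The flag is returned when the value passed in pass equals the MD4 hash of that same value. The comparison uses the loose operator !=, so two strings that both look like numbers are compared numerically.
Solution:
An MD4 collision search yields: 0e251288019
∴ pass=0e251288019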
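Why this value passes, as an added example that is not part of the original write-up: under a loose comparison PHP reads two strings of the form 0e<digits> as numbers in exponent notation, so both evaluate to zero. vulnerable_check() mirrors the condition in pass-01.php; the other function names are hypothetical.

```php
<?php
// Added example, not code from the original write-up.

/** The condition as written in pass-01.php: loose comparison. */
function vulnerable_check(string $pass): bool
{
    return !($pass != hash('md4', $pass));
}

/** Hardened form: strings are compared byte for byte, in constant time. */
function hardened_check(string $pass): bool
{
    return hash_equals(hash('md4', $pass), $pass);
}

/** True for strings of the form 0e<digits>, which == reads as the number zero. */
function reads_as_zero(string $s): bool
{
    return preg_match('/^0+e[0-9]+$/i', $s) === 1;
}

$pass   = '0e251288019';            // value given in the solution above
$digest = hash('md4', $pass);

foreach ([
    'digest'            => $digest,
    'pass reads as 0'   => reads_as_zero($pass),
    'digest reads as 0' => reads_as_zero($digest),
    'vulnerable_check'  => vulnerable_check($pass),
    'hardened_check'    => hardened_check($pass),
] as $label => $value) {
    printf("%-18s %s\n", $label, var_export($value, true));
}
```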
Exercise 2
PHP code:
<?php
error_reporting(0);
highlight_file("pass-02.php");
if(isset($_GET['user']) && isset($_GET['pass'])){
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    if($user != $pass && md5($user) == md5($pass)){
        echo "success!<br>";
        echo file_get_contents('flag.txt')."\n";
        echo "<a href='pass-03.php'>下一关</a>";
    }else{
        echo "fail~~~";
    }
}else{
    echo "please input the user and pass!"."\n";
}
?>
Page output: please input the user and pass!
Code audit:
The user and pass values received via GET must not be equal, while their MD5 hashes must be equal.
Solution:
Pass arrays: by default md5() of an array returns NULL.
Bypassing with arrays gives:
http:
Exercise 3
PHP code:
<?php
error_reporting(0);
highlight_file("pass-03.php");
if(isset($_GET['user']) && isset($_GET['pass'])){
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    if(!ctype_alpha($user) && !is_numeric($pass) && md5($user) == md5($pass)){
        echo "success!<br>";
        echo file_get_contents('flag.txt')."\n";
        echo "<a href='pass-04.php'>下一关</a>";
    }else{
        echo "fail~~~";
    }
}else{
    echo "please input the user and pass!"."\n";
}
?>
Page output: please input the user and pass!
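Function reference:
ctype_alpha()
is_numeric()
Code audit:
A "!" in front of a function call means the call must return false:
user must not consist only of letters, pass must be neither a number nor a numeric string,
and the MD5 hashes of the two must be equal.
Likewise bypassed with arrays: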
http:
Exercise 4
PHP code:
<?php
error_reporting(0);
highlight_file("pass-04.php");
if(isset($_GET['user']) && isset($_GET['pass'])){
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    if($user != $pass && md5($user) == md5(md5($pass))){
        echo "success!<br>";
        echo file_get_contents('flag.txt')."\n";
        echo "<a href='pass-05.php'>下一关</a>";
    }else{
        echo "fail~~~";
    }
}else{
    echo "please input the user and pass!"."\n";
}
?>
Page output: please input the user and pass!
Code audit: this challenge applies MD5 twice. The condition has few restrictions; the main thing to satisfy is
md5($user) == md5(md5($pass))
which simplifies to:
$user == md5($pass)
A few lines of PHP compute the values:
<?php
echo md5(1);
echo "<br>";
echo md5(md5(1));
?>
The output is:
c4ca4238a0b923820dcc509a6f75849b
28c8edde3d61a0411511d3b1866f0636
The final answer is:
http:
Note: compare the following two URLs
http://192.168.1.1/pass-04/?user=c4ca4238a0b923820dcc509a6f75849b&pass=1
http://192.168.1.1/pass-04/?user=c4ca4238a0b923820dcc509a6f75849b &pass=1
The user values passed by these two URLs are different: the second URL has an extra space before "&pass=1", so user is submitted with one extra space and no longer matches the value of md5(md5(1)).
Exercise 5
PHP code:
<?php
error_reporting(0);
highlight_file("pass-05.php");
if(isset($_GET['user']) && isset($_GET['pass'])){
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    if($user != $pass && md5($user) === md5(md5($pass))){
        echo "success!<br>";
        echo file_get_contents('flag.txt')."\n";
        echo "<a href='pass-06.php'>下一关</a>";
    }else{
        echo "fail~~~";
    }
}else{
    echo "please input the user and pass!"."\n";
}
?>
Page output: please input the user and pass!
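Code audit: the main difficulty is:
md5($user) === md5(md5($pass))
This is similar to exercise 4. Look at the difference between the equality operators:
=== compares both the value and the type of two variables
== compares the values of two variables, not their data types
The final answer is: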
http:
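The == versus === distinction described in this exercise can be checked mechanically during a code audit. The following added example (not part of the original write-up; function and constant names are hypothetical) uses PHP's tokenizer to flag boolean clauses that combine a hash call with a loose == or != operator, run over conditions copied from exercises 1, 4, 5 and 7.

```php
<?php
// Added example, not code from the original write-up.
const HASH_FUNCS = ['md5', 'sha1', 'hash', 'crc32'];

/** List the clauses in $source that pair a hash call with == or !=. */
function find_loose_hash_compares(string $source): array
{
    $findings = [];
    $clause = '';
    $loose = $hashed = false;
    $line = 1;
    $tokens = token_get_all($source);
    $tokens[] = ';';                          // sentinel: flush the last clause
    foreach ($tokens as $tok) {
        [$id, $text] = is_array($tok) ? $tok : [null, $tok];
        if ($id === T_OPEN_TAG) { continue; }
        // Clauses end at &&, ||, and statement or block punctuation.
        $boundary = $id === T_BOOLEAN_AND || $id === T_BOOLEAN_OR
            || in_array($text, [';', '{', '}'], true);
        if ($boundary) {
            if ($loose && $hashed) {
                $findings[] = ['line' => $line, 'clause' => trim($clause)];
            }
            $clause = '';
            $loose = $hashed = false;
            continue;
        }
        if (is_array($tok) && trim($text) !== '') {
            $line = $tok[2];                  // line of the last non-blank token
        }
        $clause .= $text;
        $loose = $loose || $id === T_IS_EQUAL || $id === T_IS_NOT_EQUAL;
        $hashed = $hashed || ($id === T_STRING && in_array(strtolower($text), HASH_FUNCS, true));
    }
    return $findings;
}

// Conditions copied from exercises 1, 4, 5 and 7 of this write-up.
$sample = <<<'PHP'
<?php
if($_GET["pass"] != hash("md4", $_GET["pass"])){ }
if($user != $pass && md5($user) == md5(md5($pass))){ }
if($user != $pass && md5($user) === md5(md5($pass))){ }
if($user !== $pass && md5($user) === md5($pass)){ }
PHP;
foreach (find_loose_hash_compares($sample) as $f) {
    printf("line %d: %s\n", $f['line'], $f['clause']);
}
```

Only the clauses where the loose operator sits next to the hash call are reported; the strictly compared conditions from exercises 5 and 7 are not.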
Exercise 6
PHP code:
<?php
error_reporting(0);
highlight_file("pass-06.php");
if(isset($_GET['user']) && isset($_GET['pass'])){
    $user = (string)$_GET['user'];
    $pass = (string)$_GET['pass'];
    if($user != $pass && md5($user) == md5(md5($pass))){
        echo "success!<br>";
        echo file_get_contents('flag.txt')."\n";
        echo "<a href='pass-07.php'>下一关</a>";
    }else{
        echo "fail~~~";
    }
}else{
    echo "please input the user and pass!"."\n";
}
?>
Page output: please input the user and pass!
No further explanation needed. The final answer is:
http:
Exercise 7
PHP code:
<?php
error_reporting(0);
highlight_file("pass-07.php");
if(isset($_GET['user']) && isset($_GET['pass'])){
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    if($user !== $pass && md5($user) === md5($pass)){
        echo "success!<br>";
        echo file_get_contents('flag.txt')."\n";
        echo "<a href='pass-08.php'>下一关</a>";
    }else{
        echo "fail~~~";
    }
}else{
    echo "please input the user and pass!"."\n";
}
?>
Page output: please input the user and pass!
No further explanation needed; bypass directly with arrays. The final answer is:
http:
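How the array inputs used in exercises 2, 3 and 7 reach md5(), and a hardened handler that rejects them, as an added example that is not part of the original write-up. On PHP 7 and earlier md5() returns NULL for an array (with a warning); on PHP 8 it throws a TypeError instead. The function names and the sample query strings are constructed for illustration.

```php
<?php
// Added example, not code from the original write-up.

/** The pass-02.php condition, reporting how md5() handles the operands. */
function legacy_check(array $query): string
{
    try {
        $u = $query['user'];
        $p = $query['pass'];
        return ($u != $p && @md5($u) == @md5($p)) ? 'accepted' : 'rejected';
    } catch (TypeError $e) {
        return 'TypeError';          // PHP 8: md5() refuses non-strings
    }
}

/** Return the parameter only if it is present and a plain string. */
function string_param(array $query, string $name): ?string
{
    $value = $query[$name] ?? null;
    return is_string($value) ? $value : null;
}

/** Hardened condition: validate types first, then compare strictly. */
function hardened_check(array $query): string
{
    $u = string_param($query, 'user');
    $p = string_param($query, 'pass');
    if ($u === null || $p === null) {
        return 'rejected: not a string';
    }
    return ($u !== $p && hash_equals(md5($u), md5($p))) ? 'accepted' : 'rejected';
}

// Constructed query strings; parse_str() builds the same structure as $_GET.
foreach (['user[]=1&pass[]=2', 'user=a&pass=b'] as $qs) {
    parse_str($qs, $query);
    printf("%-20s legacy=%s hardened=%s\n", $qs, legacy_check($query), hardened_check($query));
}
```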
Exercise 8
PHP code:
<?php
error_reporting(0);
highlight_file("pass-08.php");
class auth{
    public $user;
    public $pass;
    public function __destruct(){
        $this->user = (string)$this->user;
        if(strlen($this->user) > 3 || strlen($this->pass) >3){
            echo "level1 is fail~~~";
        }
        if($this->user !== $this->pass && $this->user != $this->pass && md5($this->user) === md5($this->pass)){
            echo "success!<br>";
            echo file_get_contents("flag.txt");
        }else{
            echo "level2 is fail~~~";
        }
    }
}
unserialize($_POST['auth']);
?>
Function reference:
__destruct()
strlen()
unserialize()
Solution: because the POST input is deserialized at the end of the script, we construct a class similar to the one in the challenge code and serialize it:
<?php
class auth
{
    public $user;
    public $pass;
}
$a = new auth();
$a->user = NAN;
$a->pass = NAN;
echo serialize($a);
?>
The output is:
O:4:"auth":2:{s:4:"user";d:NAN;s:4:"pass";d:NAN;}
Submitted via POST, the final answer is:
auth=O:4:"auth":2:{s:4:"user";d:NAN;s:4:"pass";d:NAN;}
Key points: 1. About NAN and INF
NAN represents a value that is not a valid number
INF represents infinity
2. NAN
NAN === (string)NAN
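The root cause in exercise 8 is that unserialize() lets the request choose both the class to instantiate and the type of each property. The following added example (not part of the original write-up) shows two mitigations: unserialize() with allowed_classes set to false, so that no auth object is created from the payload above and its destructor never runs, and a JSON-based parser with explicit type and length checks. parse_auth() and the $destructed counter are hypothetical names.

```php
<?php
// Added example, not code from the original write-up.

class auth
{
    public $user;
    public $pass;
    public static $destructed = 0;           // hypothetical counter for the demo
    public function __destruct()
    {
        self::$destructed++;                 // stands in for the flag logic
    }
}

/** Parse {"user": "...", "pass": "..."}; null unless both are short strings. */
function parse_auth(string $json): ?array
{
    $data = json_decode($json, true);
    if (!is_array($data) || !isset($data['user'], $data['pass'])) {
        return null;
    }
    foreach (['user', 'pass'] as $field) {
        if (!is_string($data[$field]) || strlen($data[$field]) > 3) {
            return null;
        }
    }
    return ['user' => $data['user'], 'pass' => $data['pass']];
}

// Serialized object from the solution above.
$payload = 'O:4:"auth":2:{s:4:"user";d:NAN;s:4:"pass";d:NAN;}';

// Mitigation 1: refuse to instantiate any class named by the input.
$obj = unserialize($payload, ['allowed_classes' => false]);
printf("class after unserialize: %s\n", get_class($obj));
unset($obj);
printf("auth destructors run:    %d\n", auth::$destructed);

// Mitigation 2: a data-only format plus explicit type checks (constructed inputs).
foreach (['{"user":"abc","pass":"xyz"}', '{"user":1.5,"pass":"xyz"}', '{"user":["a"],"pass":"b"}'] as $json) {
    printf("%-28s => %s\n", $json, json_encode(parse_auth($json)));
}
```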