0x01.web-php Paradox of 1
Topic:
Links: http://game.sycsec.com:2009/10111.php
Problem Solving Ideas:
1. First, as a beginner who chose the binary direction, web challenges leave me completely baffled, but this one looked concise, so I wanted to give it a try.
The goal of the challenge is clear: POST two variables that make the if statement hold, which yields the flag.
I looked up the meaning of ==, ===, != and !==, and post it here as a bit of review.
Tips:
a==b: the values of a and b are equal, but the types do not need to be the same.
a===b: both a and b have the same value and the same type.
The difference between != and !== is analogous.
2. With the basic meanings understood, analyze the challenge: the if statement holds on the condition that the values and types of S1 and S2 are different, while their MD5 hashes are exactly the same in both value and type. This seemed convoluted and I had no idea how to do it. Reading a blog post made it click; link attached: http://www.cnblogs.com/weidiao/p/6821812.html.
3. From it we learn that if both S1 and S2 are turned into arrays with different values, the if condition is satisfied and the flag is obtained. The reason is that md5() does not accept an array: in PHP versions before 8 it emits a warning and returns NULL, so both results are NULL and pass the === comparison.
By the way, the Firefox HackBar plugin can send POST data (shortcut key F9), which is very convenient.
0x02.web-php Paradox of 2
Topic:
http://game.sycsec.com:2009/20022.php
Problem Solving Ideas:
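A closer look shows that '===' has become '==', so only the values need to be equal. Searching the web for strings that differ but whose MD5 hashes compare as equal gives QNKCDZO and 240610708. Both hashes start with 0e followed only by digits, so == treats them as numbers in scientific notation, and both evaluate to 0.
So construct the payload S1=240610708&S2=QNKCDZO to get the flag.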
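The two checks described above, next to a hardened comparison, as an added example that is not code from the original post or from the challenge. The challenge source is not shown on the page, so check_strict and check_loose are assumed reconstructions, and all function names are hypothetical.

```php
<?php
// Added example. The challenge source is not on the page; these checks
// are assumed reconstructions and the function names are hypothetical.

// Challenge 1 style: strict comparison, but the input types are never checked.
function check_strict($s1, $s2): bool {
    try {
        // PHP < 8: md5() on an array warns and returns NULL for both inputs,
        // so the === comparison sees NULL on each side.
        return $s1 !== $s2 && @md5($s1) === @md5($s2);
    } catch (TypeError $e) {
        // PHP >= 8: md5() on an array throws instead of returning NULL.
        return false;
    }
}

// Challenge 2 style: loose comparison of the hex digests.
function check_loose(string $s1, string $s2): bool {
    // A digest of the form 0e<digits> is a numeric string, so == compares
    // the two digests as floats instead of comparing them character by character.
    return $s1 != $s2 && md5($s1) == md5($s2);
}

// Hardened form: require strings, then compare digests without type juggling.
function check_hardened($s1, $s2): bool {
    if (!is_string($s1) || !is_string($s2)) {
        return false; // rejects array input such as S1[]=...&S2[]=...
    }
    // hash_equals() compares the digests byte for byte.
    return $s1 !== $s2 && hash_equals(md5($s1), md5($s2));
}

// Inputs taken from the write-up; the array contents are constructed samples.
$cases = [
    'arrays'       => [['a'], ['b']],
    'magic hashes' => ['240610708', 'QNKCDZO'],
];

foreach ($cases as $label => [$s1, $s2]) {
    echo $label, PHP_EOL;
    echo '  strict:   ', var_export(check_strict($s1, $s2), true), PHP_EOL;
    if (is_string($s1) && is_string($s2)) {
        echo '  loose:    ', var_export(check_loose($s1, $s2), true), PHP_EOL;
    }
    echo '  hardened: ', var_export(check_hardened($s1, $s2), true), PHP_EOL;
}
```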
LB919
Source: http://www.cnblogs.com/L1B0/
This article is an original work in which LB919 invested time and energy;
if you repost it, I am honored! Please credit the source.
web-php Bypass