FALSE (score: 10)
- Source: Ifuryst
- Difficulty: Easy
- Number of participants: 4567 people
- Got the flag: 2144 people
- Number of respondents: 2157 people
- Problem solving pass rate: 99%
PHP Code Audit
HINT: Have you ever really understood the SHA1 function? I heard someone has collided MD5 o(╯-╰)o
Format: ctf{}
Problem Solving Links: http://ctf5.shiyanbar.com/web/false.php
Original problem link: http://www.shiyanbar.com/ctf/1787
"Problem Solving Report"
This is the ninth question in the web series I have started writing up. Opening the problem link shows that the problem is built around SHA, so let's start with a brief introduction:
Hash function
- SHA was proposed by NIST and the NSA in 1993, and the revised version, known as SHA-1, was released in 1995 as the standard for the US DSA digital signature scheme.
- The standard is FIPS 180-1 (1995), also Internet RFC 3174. Note that the algorithm is called SHA while the standard is called SHS. It produces a 160-bit hash value.
- It is presented as the proposed hash algorithm and is based on the design of MD4.
The problem asks us to pass in two values that are not equal but whose hash values are equal. This looks contradictory: a hash collision is not possible, so there are no two different values whose hash values are equal. What can we do? This problem relies on a flaw in the SHA function!
The SHA function expects its argument to be a string. We can pass it something that is not a string, for example an array. It then returns false, and two false values are equal, which bypasses the condition. The request looks like this:
http://ctf5.shiyanbar.com/web/false.php?name[]=a&password[]=b
Then we go back to the site and try it.
We get the flag directly; that is the key to this problem.
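The kind of check this bypass defeats, shown beside a hardened version, as an added example that is not the challenge's source code (the page does not show it). `legacy_sha1`, `weak_check` and `hardened_check` are assumed names; `legacy_sha1` emulates PHP 5/7, where `sha1()` on an array raises a warning and yields a non-digest value (NULL) that compares equal on both sides.

```php
<?php
// Added example: hypothetical reconstruction, not the challenge's real source.

// Emulates sha1() on PHP 5/7, where an array argument raises a warning and
// yields NULL instead of a digest (PHP 8 throws a TypeError instead).
function legacy_sha1($value)
{
    return is_array($value) ? null : sha1((string) $value);
}

// Weak check: never verifies that the inputs are strings.
function weak_check($name, $password): bool
{
    if ($name == $password) {
        return false;                       // the two values must differ
    }
    // Two arrays both hash to NULL, and NULL === NULL holds.
    return legacy_sha1($name) === legacy_sha1($password);
}

// Hardened check: reject non-strings before hashing.
function hardened_check($name, $password): bool
{
    if (!is_string($name) || !is_string($password)) {
        return false;
    }
    if ($name === $password) {
        return false;
    }
    return hash_equals(sha1($name), sha1($password));
}

// Constructed input: the query string from the URL above. PHP parses the
// name[] / password[] syntax into arrays, not strings.
parse_str('name[]=a&password[]=b', $query);

var_dump(is_array($query['name']));
var_dump(weak_check($query['name'], $query['password']));
var_dump(hardened_check($query['name'], $query['password']));
var_dump(hardened_check('a', 'b'));
```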
CTF---Web entry ninth FALSE