Home > Developer > Web Develop
Links: http://www.shiyanbar.com/ctf/54
Page conditions
Get tips: index.php.txt <?PHPif(Eregi ("Hackerdj", $_get[id])) {Echo ("<p>not allowed!</p>"); Exit ();} $_get[id]=UrlDecode ($_get[id]);if($_get[id] = ="Hackerdj") {echo"<p>access granted!</p>"; Echo"<p>flag: *****************} </p>";}?><br><br>Can Authenticate to ThisWebsite?First eregi () function to make a comparative judgment, if you want to print flag,id cannot equal"Hackerdj", and after URL decodingID equals "Hackerdj"
However, it is important to note that the browser will decode the browser at the time of submission.
<?php$ID='%68Ackerdj';if(Eregi ("Hackerdj",$ID)) { Echo("<p>not allowed!</p>"); Exit ();} $ID= UrlDecode ($ID);if($ID=="Hackerdj"){ Echo "<p>access granted!</p>"; Echo "<p>flag: *****************} </p>";}?>
Can see the successful printing, that the browser has indeed converted for us once
So we need to encode it two times: H--and%68--%2568
Construction URL:INDEX.PHP?ID=%2568ACKERDJ
Submit to get flag: Flag:dutctf{php_is_the_best_program_language}
Note: string comparison parsing, regardless of case. eregi () function syntax: eregi (stringPatternstring string, array [regs]); return value: Integer/array Features: PHP function eregi () is not case-insensitive, similar to function ereg () is case-sensitive:if(Eregi ("C","abcdef")//true URL Dual encoding : The URL encoding is generated'%'Encode again, and put'%'Replaced by'%25'
Experiment, web-php Dafa.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
