CTF Web Getting Started, Problem 10: Once More

Source: Internet
Author: User
Tags: ereg

Once More score: 10
    • Source: Ifuryst
    • Difficulty: Easy
    • Number of participants: 4782 people
    • Got the flag: 2123 people
    • Number of respondents: 2166 people
    • Problem solving pass rate: 98%
Huh? Another PHP audit. I'm sick of it.

Hint: the ereg() function has a loophole; the teacher said to use scientific methods to count.

Format: ctf{}

Problem Solving Links: http://ctf5.shiyanbar.com/web/more.php

Original title Link: http://www.shiyanbar.com/ctf/1805

"Problem Solving Report"

  This is the tenth problem in the web getting-started series I have been writing up. At a glance, it is a PHP code audit problem. Code auditing is actually quite fun, and you can learn a lot from it QAQ!

We open the problem solving link, the interface is as follows:

This problem asks you to enter a password. We can first try 123 to see whether it gets in; obviously, it is wrong. What should we do? The page lets us view its source code, so we click to view the source and find some more interesting things. First of all there is the ereg function, which has a loophole that we will talk about shortly!

Let's go through the conditions on the password first!

First, the input may only contain characters in a~z, A~Z and 0~9. Second, the password length must be less than 8, while its value must be greater than 9999999. Isn't that contradictory? In high school we learned scientific notation, and scientific notation solves exactly this problem. Now look at the next condition: the password must contain *-*. This seems to conflict with the first condition, so can the problem not be solved?

We mentioned the ereg function just now. This function has a very big problem: it can be truncated. We can use BP or the 00 truncation we learned earlier, so we can write the following password:

9e9%00*-*

Enter it and click Check, and a line of information like this is shown: the password entered is not legal. Looking at the password parameter in the URL, we can see that %00 has automatically been changed to %2500. This is a browser vulnerability; we only need to change the value back directly in the URL!

And that gets you the flag!
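
The Python model below is an added example, not code from the original post or from the challenge: it applies the three conditions as the write-up describes them, with a check that stops at the first NUL byte (the ereg() behaviour) beside a binary-safe one, and shows why the value re-encoded as %2500 is rejected (a "%" typed into the form is percent-encoded as %25, so the server decodes it back to a literal "%00"). All function names and the numeric-prefix conversion are assumptions of the model.

```python
import re
from urllib.parse import unquote

ALNUM = re.compile(r"[a-zA-Z0-9]+")
# Leading numeric prefix, as PHP 5 uses when comparing a string with a number
# (assumption of this model).
NUM_PREFIX = re.compile(r"\s*[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?")


def ereg_like_is_alnum(value):
    """Model of the flaw: the pattern is only applied up to the first NUL byte."""
    return ALNUM.fullmatch(value.split("\x00", 1)[0]) is not None


def binary_safe_is_alnum(value):
    """Hardened check: the whole string, NUL bytes included, must match."""
    return ALNUM.fullmatch(value) is not None


def numeric_value(value):
    """Numeric value of the leading prefix, 0.0 when there is none."""
    match = NUM_PREFIX.match(value)
    return float(match.group(0)) if match else 0.0


def check(raw_query_value, is_alnum):
    """Run the three conditions on a raw (still percent-encoded) query value."""
    password = unquote(raw_query_value)  # the server decodes exactly once
    if not is_alnum(password):
        return "rejected: not alphanumeric"
    if not (len(password) < 8 and numeric_value(password) > 9999999):
        return "rejected: length/value"
    if "*-*" not in password:
        return "rejected: *-* missing"
    return "accepted"


if __name__ == "__main__":
    # Constructed inputs: the value from the write-up, the same value after the
    # browser re-encodes "%" as "%25", and two plain guesses.
    for raw in ("9e9%00*-*", "9e9%2500*-*", "123", "9e9"):
        print(f"{raw!r:16} ereg-like: {check(raw, ereg_like_is_alnum):28}"
              f" binary-safe: {check(raw, binary_safe_is_alnum)}")
```

With the binary-safe check no input can satisfy both the alphanumeric rule and the *-* rule, which is the contradiction the write-up notices. ereg() was deprecated in PHP 5.3 and removed in PHP 7.0; preg_match() is binary-safe.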
