標籤:函數 計數 int logs bsp 處理 eric log isset
if(isset($_GET[‘time‘])){ if(!is_numeric($_GET[‘time‘])){ echo ‘The time must be number.‘; }else if($_GET[‘time‘] < 60 * 60 * 24 * 30 * 2){ echo ‘This time is too short.‘; }else if($_GET[‘time‘] > 60 * 60 * 24 * 30 * 3){ echo ‘This time is too long.‘; }else{ sleep((int)$_GET[‘time‘]); echo $flag; } echo ‘<hr>‘; }
這裡用is_numeric檢查是否為數字,而後面用(int)將字元型數字轉為數字型數字,那麼我們來比較一下這兩個函數對字元型數位處理。
前者支援普通數字型、科學記號標記法型、部分支援十六進位0x型,在前者支援的形式中,後者不能正確轉換的類型有十六進位型、科學計數法型(部分)。
因此本題flag在部分環境下可以是?time=0x4F1A01或者部分環境下是?time=5.184001e6,而在部分環境下是無解的。
一題關於PHP的CTF
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
