Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

What are the characteristics of ctfshow in php

2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

This article shows you what the characteristics of ctfshow in php are, the content is concise and easy to understand, and it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Web89~ Array Bypass preg_match

Here is the strong comparison.

For weak comparison, Baidu has a lot of md5 encryption that begins with 0e, which is weaker than zero.

Strong comparison

If the md5 function is passed in instead of a string but an array, null is returned and null=null bypasses it.

Construction

A [] = 1roomb [] = 2

And md5 strong collisions.

Https://blog.csdn.net/EC_Carrot/article/details/109525162

Https://www.cnblogs.com/kuaile1314/p/11968108.html

Web98~ ternary operation address refers to Notice: Undefined index: flag in / var/www/html/index.php on line 15Notice: Undefined index: flag in / var/www/html/index.php on line 16Notice: Undefined index: HTTP_FLAG in / var/www/html/index.php on line 17

Ternary operation, and address (reference)

$_ GET?$_GET=&$_POST:'flag'; / / change the get method to the post method (changed the address of the get method) as long as there is an input get parameter

So look at the final request for $_ GET ['HTTP_FLAG'] = =' flag'?$flag:__FILE__, then we can pass a parameter directly to get at will, and then post pass the parameter HTTP_FLAG=flag to get flag.

Take a look at wp:

The https://www.php.cn/php-notebook-172859.html https://www.php.cn/php-weizijiaocheng-383293.html test site is the ternary operator and address (reference) in PHP, which is kind of like the address in c language. We can modify the code.

The comparison automatically converts the data type, that is, the weak comparison, when the third function is not set.

Then we pass in 1.php, which is equivalent to 1. 5%.

Construction

/? n=1.php# postcontent=web100~ operator precedence, hexadecimal of the reflection class) is also recognized as a number.

But this is the php7 environment. No.

To make v2 numeric, we first consider writing 1.php using pseudo-protocol

Get:v2=??? & v3=php://filter/write=convert.base64-decode/resource=1.phppost: v1=hex2bin

The key is what code base64 is encoded and then converted to hexadecimal to full number.

$axim'

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report