In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)05/31 Report--
This article shows you what the characteristics of ctfshow in php are, the content is concise and easy to understand, and it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.
Web89~ Array Bypass preg_match
Here is the strong comparison.
For weak comparison, Baidu has a lot of md5 encryption that begins with 0e, which is weaker than zero.
Strong comparison
If the md5 function is passed in instead of a string but an array, null is returned and null=null bypasses it.
Construction
A [] = 1roomb [] = 2
And md5 strong collisions.
Https://blog.csdn.net/EC_Carrot/article/details/109525162
Https://www.cnblogs.com/kuaile1314/p/11968108.html
Web98~ ternary operation address refers to Notice: Undefined index: flag in / var/www/html/index.php on line 15Notice: Undefined index: flag in / var/www/html/index.php on line 16Notice: Undefined index: HTTP_FLAG in / var/www/html/index.php on line 17
Ternary operation, and address (reference)
$_ GET?$_GET=&$_POST:'flag'; / / change the get method to the post method (changed the address of the get method) as long as there is an input get parameter
So look at the final request for $_ GET ['HTTP_FLAG'] = =' flag'?$flag:__FILE__, then we can pass a parameter directly to get at will, and then post pass the parameter HTTP_FLAG=flag to get flag.
Take a look at wp:
The https://www.php.cn/php-notebook-172859.html https://www.php.cn/php-weizijiaocheng-383293.html test site is the ternary operator and address (reference) in PHP, which is kind of like the address in c language. We can modify the code.
The comparison automatically converts the data type, that is, the weak comparison, when the third function is not set.
Then we pass in 1.php, which is equivalent to 1. 5%.
Construction
/? n=1.php# postcontent=web100~ operator precedence, hexadecimal of the reflection class) is also recognized as a number.
But this is the php7 environment. No.
To make v2 numeric, we first consider writing 1.php using pseudo-protocol
Get:v2=??? & v3=php://filter/write=convert.base64-decode/resource=1.phppost: v1=hex2bin
The key is what code base64 is encoded and then converted to hexadecimal to full number.
$axim'
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.