[wp][introduction] Weak type practice questions
2022-07-05 03:47:00 【_ Xiao SA】
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
$a = $_GET['param1'];
$b = $_POST['param2'];
$c = $_GET['param3'];
$d = $_POST['param4'];
if($a!==$b && md5($a)===md5($b) && $c!==$d && sha1($c)===sha1($d)){
    echo $flag2;
    die(" xiu_er_!!");
}else{
    echo "fail";
}
?>
2.
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
if(isset($_GET['param1'])){
    $a = $_GET['param1'];
    switch ($a) {
        case $a>=0:
            echo 0;
            break;
        case $a>=10:
            echo $flag3;
            break;
        default:
            echo 2;
            break;
    }
}
?>
?param1=0
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
$msg = json_decode($_GET['param1']);
if($msg->key == $key){
    echo $flag5;
    die(" xiu_er_!!");
}else{
    echo "fail";
}
?>
?param1={"key":0}
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
$s = $_GET['a'];
if(!is_numeric($s)){
    if($s+1 === 1000){
        die($flag7);
    }
}
?>
?a=999a
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
$param2 = 'param2';
extract($_GET);
if (isset($param1)) {
    if ($param1 == $content){
        foreach($arr as $key => $value){
            $$key = $value;
        }
        if($param2==='getflag'){
            echo $flag9;
        }
    }else{
        echo "Oh..nooo";
    }
}
?>
?param1=1&param2=getflag&content=1
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
if(isset($_GET['password'])){
    if(ereg("^[a-zA-Z0-9]+$", $_GET['password'])===false){
        echo "must be alphanumeric";
    }elseif (strpos($_GET['password'], '--')!=false) {
        die($flag8);
    }else{
        echo "Invalid password";
    }
}
?>
?password=a%00--
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
$flag = 'test';
extract($_GET);
if($a!=$b && md5($a)==md5($b) && $c!==$d && sha1($c)===sha1($d)){
    if(gettype($a)=='array' && gettype($b)=='array'){
        die('Oh..no..');
    }
    if($$flag==='getflag'){
        die($flag11);
    }
}
?>
?a=QNKCDZO&b=s878926199a&c[]=3&d[]=4&flag=test&test=getflag
<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
$paa = 'come_baby';
var_dump($_GET['param']);
parse_str($_GET['param']);
if($arr[1]==="i want" && $paa!=='come_baby' && $a_b==='haha'){
    die($flag10);
}else{
    echo "Oh..no..";
}
?>
?param=arr[1]=i want%26paa=1%26a_b=haha
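The checks that the payloads above get past, rewritten with strict type and string comparison. This is an added example, not part of the original write-up, and it assumes PHP 7.1 or later; the function names and the `constructed-secret` value are made up for illustration.

```php
<?php
// Added example, not the challenge author's code. Function names are
// hypothetical; the sample inputs are the payload values from the write-up.

// Digest check: accept strings only and compare with hash_equals(), a
// string comparison, so two "0e<digits>" digests are not read as floats.
function digests_match($x, $y): bool
{
    return is_string($x) && is_string($y)
        && hash_equals(md5($x), md5($y));
}

// Secret check: a JSON number must never be compared loosely to a string.
function key_matches($supplied, string $secret): bool
{
    return is_string($supplied) && hash_equals($secret, $supplied);
}

// Integer input: validate the whole string before doing arithmetic on it.
function parse_int($raw): ?int
{
    $n = is_string($raw) ? filter_var($raw, FILTER_VALIDATE_INT) : false;
    return $n === false ? null : $n;
}

// Alphanumeric check: preg_match() sees the whole string, NUL bytes
// included, and \z (unlike $) does not allow a trailing newline.
function is_alnum($raw): bool
{
    return is_string($raw) && preg_match('/\A[a-zA-Z0-9]+\z/', $raw) === 1;
}

// Query parsing: parse_str() with a result array, and named lookups in
// place of extract()/$$key, so input cannot overwrite local variables.
function read_query(string $query, array $allowed): array
{
    parse_str($query, $parsed);
    return array_intersect_key($parsed, array_flip($allowed));
}

// Constructed calls using the write-up's payload values.
var_dump(digests_match('QNKCDZO', 's878926199a'));
var_dump(digests_match(['3'], ['4']));
var_dump(key_matches(json_decode('{"key":0}')->key, 'constructed-secret'));
var_dump(parse_int('999a'));
var_dump(is_alnum("a\0--"));
var_dump(read_query('arr[1]=i want&paa=1&a_b=haha', ['a_b']));
```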