Attack and defense world web master advanced area php2
2022-07-29 00:17:00 【Ant200】
1. Open the page. It prompts us to try this website. Given the title php2, the challenge is surely related to PHP.
2. Learn about .phps files. For the relevant background, refer to this expert's blog.
3. Once the .phps background is clear, scan the site with Yujian (御剑). Be careful to add a dictionary entry, or the scan will not find the file. Alternatively, access index.phps directly.

4. Code audit
Before that, make sure you understand the difference between urldecode and urlencode.
urlencode() works by first converting Chinese characters into hexadecimal and then adding the identifier % before each character. urldecode() is the opposite of urlencode(): it decodes an encoded URL string by converting the hexadecimal strings back into Chinese characters. Refer to this expert's blog.
The code here performs a URL decode. If the decoded variable id is equal to admin, it gives the flag.
5. The browser itself also performs a URL decode, so this is equivalent to two URL decodes. We just need to URL-encode the value that id must equal, admin, twice. For convenience, we can encode only the letter a twice.
URL-encode the letter a twice:
First URL encoding: a ==> %61 // the ASCII code of a is 97, and 97 in hexadecimal is 61; add a % in front and the result is %61
Second URL encoding: %61 ==> %25%36%31 // URL-encode %, 6 and 1 separately: the ASCII code of % is 37, and the hex value of 37 is 25; add a % in front to get %25. The ASCII code of 6 is 54, and the hex value of 54 is 36; add a % in front to get %36. The same applies to 1.
If you use an online tool to URL-encode a, you still get a, so at this point you need to know the encoding rules yourself.
Why is %25%36%31 == %2561?
Answer:
%2561 decodes once to %61. A URL-encoded character is % followed by two digits, so %25 is URL-decoded first and yields % itself, while 61 is just digits and needs no decoding, which gives %61. The second decode yields a.
%25%36%31 on the first decode: %25 ==> %, %36 ==> 6, %31 ==> 1, so one decode gives %61 and the second decode gives a. This part draws on this expert's blog, which you can refer to.
6. Finally, visit the address index.php/?id=%2561dmin
%2561=a
This returns the flag.
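The encoding rules and the two-layer decode from steps 5 and 6, as an added example (not the challenge's source code and not the author's): `encode_all`, `decode_layers` and `is_multiply_encoded` are hypothetical helper names, and the inputs are the sample values from this walkthrough. It also shows a check a defender can apply to a raw query value to flag input that was encoded more than once.

```php
<?php
// Added example; helper names are hypothetical, sample values are from the walkthrough.

// Percent-encode every byte, including unreserved ones such as "a".
function encode_all(string $s): string {
    if ($s === '') {
        return '';
    }
    $out = '';
    foreach (str_split($s) as $ch) {
        $out .= '%' . strtoupper(bin2hex($ch));
    }
    return $out;
}

// Decode repeatedly until the value stops changing; return every layer.
// $raw is the raw query-string value, before any automatic decoding.
function decode_layers(string $raw, int $max = 5): array {
    $layers = [$raw];
    for ($i = 0; $i < $max; $i++) {
        $last = $layers[count($layers) - 1];
        $next = urldecode($last);
        if ($next === $last) {
            break;
        }
        $layers[] = $next;
    }
    return $layers;
}

// Defensive check: if a second decode still changes the value,
// the input was encoded more than once and can be rejected.
function is_multiply_encoded(string $raw): bool {
    return count(decode_layers($raw)) > 2;
}

// rawurlencode() leaves unreserved characters alone, which is why tools return "a".
echo rawurlencode('a'), "\n";                 // a
$once  = encode_all('a');                     // %61
$twice = encode_all($once);                   // %25%36%31
echo $once, ' ', $twice, "\n";

foreach (['%25%36%31dmin', '%2561dmin', '%61dmin', 'admin'] as $raw) {
    printf("%-15s %-30s %s\n", $raw, implode(' -> ', decode_layers($raw)),
        is_multiply_encoded($raw) ? 'reject: multiply encoded' : 'ok');
}
```

A value that legitimately contains a literal percent sign followed by two hex digits is also flagged by this check, so the comparison that matters should be made on the value after exactly one decode.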
I'm just a beginner. If anything here is wrong, please correct me!