<?php
include('flag.php');
highlight_file(__FILE__);
error_reporting(0);
// Rewrites characters that would otherwise let a non-"36" numeric string
// compare equal to 36 (hex prefix, leading zero, decimal point, exponent, sign).
function filter($num)
{
    $num=str_replace("0x","1",$num);
    $num=str_replace("0","1",$num);
    $num=str_replace(".","1",$num);
    $num=str_replace("e","1",$num);
    $num=str_replace("+","1",$num);
    return $num;
}
$num=$_GET['num'];
// Strict (!==) comparisons reject the literal "36" and its trimmed form;
// the filtered value is compared loosely (==).
if(is_numeric($num) and $num!=='36' and trim($num)!=='36' and filter($num)=='36')
{
    if($num=='36')
    {
        echo $flag;
    }
    else
    {
        echo "hacker!!";
    }
}
else
{
    echo "hacker!!!";
}
?>
From a code audit, num has to satisfy four conditions at once: it passes the is_numeric check, it is not strictly equal to '36', it is still not strictly equal to '36' after trim(), and it is loosely equal to '36' after going through filter().
<?php
// Enumerate every single byte 0..128 as a prefix to "36" and print the ones
// that survive the is_numeric and the two strict "36" comparisons from the challenge
// (the filter() condition is checked separately against this candidate list).
for($i = 0; $i<129; $i++)
{
    $num=chr($i).'36';
    if(trim($num)!=='36' && is_numeric($num) && $num!=='36')
    {
        echo urlencode(chr($i))."\n";
    }
}
?>
Comparing the output against an ASCII table (http://ascii.911cha.com/) gives the candidate prefixes:
%0C %2B(+) - . 0 1 2 3 4 5 6 7 8 9
?num=%0C36
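The reason the form feed (%0C) survives is that PHP's is_numeric() skips leading whitespace including \f, while trim()'s default character set (" \n\r\t\v\0") does not include \f, and the loose == comparison then treats "\f36" as the number 36. The following script is an added example, not part of the challenge or the original writeup; it reproduces the challenge's predicate chain on a few constructed inputs and sets it beside a stricter validator (is_canonical_int, an assumed name) that only accepts a canonical decimal integer string. It assumes PHP 7.0 or later.

```php
<?php
// Added example: why "\f36" passes the challenge's checks, and a validator
// that does not rely on is_numeric() plus trim(). Inputs are constructed samples.

// Same replacement chain as the challenge's filter(); str_replace with arrays
// applies the pairs in order, so "0x" is handled before "0".
function challenge_filter(string $num): string
{
    return str_replace(['0x', '0', '.', 'e', '+'], '1', $num);
}

// The challenge's full acceptance condition, minus the flag output.
function challenge_accepts(string $num): bool
{
    return is_numeric($num)
        && $num !== '36'
        && trim($num) !== '36'              // default trim set has no \f
        && challenge_filter($num) == '36'   // loose: numeric strings compare as numbers
        && $num == '36';
}

// Hardened check: one unsigned decimal integer, no leading zeros, no sign,
// no whitespace anywhere. The /D modifier stops $ from matching before a
// trailing newline, so "36\n" is rejected as well.
function is_canonical_int(string $num): bool
{
    return preg_match('/^(0|[1-9][0-9]*)$/D', $num) === 1;
}

// Constructed samples: [input, description]
$samples = [
    ['36',     'plain'],
    ["\f36",   'form feed prefix (the writeup\'s %0C)'],
    [" 36",    'space prefix, stripped by trim()'],
    ["+36",    'sign prefix, rewritten by filter()'],
    ["36.0",   'float notation, rewritten by filter()'],
    ["36\n",   'trailing newline'],
];

printf("%-12s %-10s %-10s %-10s %s\n", 'input', 'is_numeric', 'challenge', 'canonical', 'note');
foreach ($samples as [$input, $note]) {
    printf(
        "%-12s %-10s %-10s %-10s %s\n",
        json_encode($input),                              // shows \f and \n escaped
        is_numeric($input) ? 'true' : 'false',
        challenge_accepts($input) ? 'ACCEPT' : 'reject',
        is_canonical_int($input) ? 'ACCEPT' : 'reject',
        $note
    );
}
```

Run with `php` on the command line: the challenge column accepts only "\f36", while the canonical column accepts only "36". The general lesson for input validation is to allowlist the exact format expected (here, a regex or a `(string)(int)$num === $num` round trip) instead of combining is_numeric(), trim() and a loose comparison, whose whitespace definitions do not agree.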
© 2016 - 2024 掌控者 All Rights Reserved.