Boston Key Party CTF 2017: prudentialv2-50
2022-05-12 20:32:03
2015
http://127.0.0.1/~caiqiqi/Boston_Key_Party_CTF_2017/prudentialv2-50/2015/?name[]=caiqiqi&password[]=qqc
Source code:
<?php
$flag = 'Congratuations!';
if (isset($_GET['name']) and isset($_GET['password'])) {
    // Loose comparison of the raw request values; their types are not checked.
    if ($_GET['name'] == $_GET['password'])
        print 'Your password can not be your name.';
    // sha1() is applied to the raw values and the results are compared strictly.
    else if (sha1($_GET['name']) === sha1($_GET['password']))
        die('Flag: '.$flag);
    else
        print '<p class="alert">Invalid password.</p>';
} else {
    print 'Please input parameters in url';
}
?>
2017
http://127.0.0.1/~caiqiqi/Boston_Key_Party_CTF_2017/prudentialv2-50/2017/?name[]=caiqiqi&password[]=qqc
Compared with 2015, a forced cast to string was added, so two different strings with the same SHA-1 value must be constructed.
Reference:
http://blog.csdn.net/caiqiiqi/article/details/68953730
Source code:
<?php
// $flag is not defined in this excerpt.
if (isset($_GET['name']) and isset($_GET['password'])) {
    // New in 2017: both parameters are cast to string before any comparison.
    $name = (string)$_GET['name'];
    $password = (string)$_GET['password'];
    if ($name == $password) {
        print 'Your password can not be your name.';
    } else if (sha1($name) === sha1($password)) {
        die('Flag: '.$flag);
    } else {
        print '<p class="alert">Invalid password.</p>';
    }
}
?>
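A hardened form of the same check, as an added example that is not the challenge's code: it rejects array parameters instead of casting them, compares strictly, and uses SHA-256 in place of SHA-1. The function names `string_param` and `check` and the sample inputs are assumptions made for illustration; the hash-match branch is kept only to mirror the challenge's flow.

```php
<?php
declare(strict_types=1);

// Added example, not the challenge's code. Function names are hypothetical.

// Return a query parameter only when it is a plain string.
// PHP turns ?name[]=x into an array, and (string) on any array yields "Array",
// so such input is rejected here instead of being cast.
function string_param(array $query, string $key): ?string
{
    return (isset($query[$key]) && is_string($query[$key])) ? $query[$key] : null;
}

// Same decision flow as the challenge, returning a message instead of printing.
function check(array $query): string
{
    $name = string_param($query, 'name');
    $password = string_param($query, 'password');
    if ($name === null || $password === null) {
        return 'Rejected: name and password must be strings.';
    }
    if ($name === $password) { // strict comparison: no type juggling
        return 'Your password can not be your name.';
    }
    // SHA-256 instead of SHA-1; hash_equals() compares the digests in constant time.
    if (hash_equals(hash('sha256', $name), hash('sha256', $password))) {
        return 'Hashes match.';
    }
    return 'Invalid password.';
}

// Constructed inputs, shaped like $_GET after PHP parses the query string.
$samples = [
    'array parameters'  => ['name' => ['caiqiqi'], 'password' => ['qqc']],
    'identical strings' => ['name' => 'caiqiqi', 'password' => 'caiqiqi'],
    'distinct strings'  => ['name' => 'caiqiqi', 'password' => 'qqc'],
    'missing password'  => ['name' => 'caiqiqi'],
];

foreach ($samples as $label => $query) {
    printf("%-18s => %s\n", $label, check($query));
}
```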