
Boston Key Party CTF 2017: prudentialv2-50

程序员文章站 (Programmer Article Station), 2022-05-12 20:32:03

Reference:
https://github.com/bl4de/ctf/blob/master/2017/BostonKeyParty_2017/Prudentialv2/Prudentialv2_Cloud_50.md

2015

http://127.0.0.1/~caiqiqi/Boston_Key_Party_CTF_2017/prudentialv2-50/2015/?name[]=caiqiqi&password[]=qqc

Source code:

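<?php

$flag = 'Congratuations!';
if (isset($_GET['name']) and isset($_GET['password'])) {
    // Loose comparison of the raw request values; nothing checks that they are strings.
    if ($_GET['name'] == $_GET['password'])
        print 'Your password can not be your name.';
    // On PHP 5/7, sha1() given an array emits a warning and returns NULL,
    // so with name[]=...&password[]=... both sides are NULL and === succeeds.
    else if (sha1($_GET['name']) === sha1($_GET['password']))
        die('Flag: '.$flag);
    else
        print '<p class="alert">Invalid password.</p>';
} else {
    print 'Please input parameters in url';
}

?>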

2017

http://127.0.0.1/~caiqiqi/Boston_Key_Party_CTF_2017/prudentialv2-50/2017/?name[]=caiqiqi&password[]=qqc

Compared with 2015, a (string) cast has been added, so you must construct two different strings that have the same SHA-1 value.
Reference:
http://blog.csdn.net/caiqiiqi/article/details/68953730
Source code:

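<?php

$flag = 'Congratuations!'; // placeholder flag, same value as in the 2015 listing

if (isset($_GET['name']) and isset($_GET['password'])) {
    // An array parameter now casts to the literal string "Array",
    // so the 2015 array input ends up with $name == $password.
    $name = (string)$_GET['name'];
    $password = (string)$_GET['password'];

    if ($name == $password) {
        print 'Your password can not be your name.';
    // Passing this branch needs two different strings with the same SHA-1 digest.
    } else if (sha1($name) === sha1($password)) {
        die('Flag: '.$flag);
    } else {
        print '<p class="alert">Invalid password.</p>';
    }
}

?>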
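
A hardened form of the two checks above, as an added example (not code from the original post or from the CTF): it rejects non-string parameters instead of casting them, uses strict comparison, and compares SHA-256 digests with hash_equals(). The names string_param() and check_request() and the sample inputs are constructed for illustration, and replacing SHA-1 with SHA-256 is this example's choice.

```php
<?php
declare(strict_types=1);

/**
 * Return the parameter only if it arrived as a string.
 * ?name[]=x is parsed by PHP into an array and is rejected here
 * rather than being cast to the literal string "Array".
 */
function string_param(array $query, string $key): ?string
{
    $value = $query[$key] ?? null;
    return is_string($value) ? $value : null;
}

/** Hypothetical replacement for the check in the 2015 and 2017 listings. */
function check_request(array $query): string
{
    $name = string_param($query, 'name');
    $password = string_param($query, 'password');

    if ($name === null || $password === null) {
        return 'rejected: name and password must be strings';
    }
    // Strict comparison: no type juggling between numeric-looking strings.
    if ($name === $password) {
        return 'rejected: password equals name';
    }
    // SHA-256 instead of SHA-1; hash_equals() compares in constant time.
    if (hash_equals(hash('sha256', $name), hash('sha256', $password))) {
        return 'digests match';
    }
    return 'invalid password';
}

// Constructed sample requests, shaped like $_GET for the URLs on this page.
$samples = [
    'array parameters'  => ['name' => ['caiqiqi'], 'password' => ['qqc']],
    'identical strings' => ['name' => 'caiqiqi', 'password' => 'caiqiqi'],
    'distinct strings'  => ['name' => 'caiqiqi', 'password' => 'qqc'],
    'missing password'  => ['name' => 'caiqiqi'],
];

foreach ($samples as $label => $query) {
    printf("%-18s %s\n", $label . ':', check_request($query));
}
```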