吃瓜杯

Posted by BY Blog on August 21, 2021 
layout:    post
title:     吃瓜杯
subtitle:  学习学习
date:      2021-08-21
author:    lll-yz
header-img: img/post-bg-coffee.jpg
catalog:    true
tags:
    - CTF

热身

<?php

/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date:   2020-09-16 11:25:09
# @Last Modified by:   h1xa
# @Last Modified time: 2020-09-18 16:53:59
# @link: https://ctfer.com

*/

include("flag.php");
highlight_file(__FILE__);
if(isset($_GET['num'])){
    $num = $_GET['num'];
    if($num==4476){
        die("no no no!");
    }
    if(preg_match("/[a-z]|\./i", $num)){
        die("no no no!!");
    }
    if(!strpos($num, "0")){
        die("no no no!!!");
    }
    if(intval($num,0)===4476){
        echo $flag;
    }
}

payload:

?num= 010574

采用八进制绕过对$num==4476preg_match("/[a-z]|\./i", $num,然后再用空格绕过!strpos($num, "0")

shellme

进入直接得到一个phpinfo页面,查找flag,得到。

FEATURED TAGS
学习 sqli-labs DVWA upload-labs xss-labs 工具 CTF xxe 基础 渗透 命令执行 反序列化 内网渗透 Java 汇编 应急响应
FRIENDS