Shiyanbar (实验吧) Web: Once More
Source: Internet  Editor: 程序博客网  Time: 2024/06/14 08:07
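<?php
if (isset($_GET['password'])) {
    // Check 1: alphanumeric only. ereg() stops reading the subject at a NUL byte.
    if (ereg("^[a-zA-Z0-9]+$", $_GET['password']) === FALSE)
    {
        echo '<p>You password must be alphanumeric</p>';
    }
    // Check 2: fewer than 8 bytes, yet numerically greater than 9999999
    // (the string is converted to a number for the comparison).
    else if (strlen($_GET['password']) < 8 && $_GET['password'] > 9999999)
    {
        // Check 3: the value must contain the literal *-*
        if (strpos($_GET['password'], '*-*') !== FALSE)
        {
            die('Flag: ' . $flag);
        }
        else
        {
            echo('<p>*-* have not been found</p>');
        }
    }
    else
    {
        echo '<p>Invalid password</p>';
    }
}
?>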
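The submitted value has to pass the checks above. It must consist only of letters and digits; its length must be less than 8 while its value is greater than 9999999; and it must contain *-*. The key point is that ereg has a flaw: it stops reading at %00 (a NUL byte), so *-* can be placed after %00, where the alphanumeric check never sees it. For the requirement of being shorter than 8 characters yet greater than 9999999, scientific notation works: e9 means 10 to the ninth power. The constructed value 1e9%00*-* therefore satisfies every condition.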
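The checks above, modelled next to a binary-safe version, as an added example that is not part of the original post or the challenge. The helper names are hypothetical, the legacy_* functions only emulate the old ereg() and PHP 5 comparison behaviour, and the sample inputs are constructed.

```php
<?php
// Added example, not the challenge's code. ereg() was removed in PHP 7.0, so
// its C-string view of the subject (stops at the first NUL) is modelled here.
function legacy_alnum(string $s): bool
{
    $cstr = explode("\0", $s, 2)[0];          // what ereg() actually examined
    return preg_match('/^[a-zA-Z0-9]+$/', $cstr) === 1;
}

// Binary-safe check: PCRE sees every byte, \A and \z anchor the real start/end.
function strict_alnum(string $s): bool
{
    return preg_match('/\A[a-zA-Z0-9]+\z/', $s) === 1;
}

// Models the PHP 5 string-to-number conversion behind `$s > 9999999`:
// only the leading numeric prefix counts, and "1e9" is read as 10^9.
function legacy_big(string $s): bool
{
    return (float) $s > 9999999;
}

// Strict form: plain decimal digits only, so exponent notation is not a number.
function strict_big(string $s): bool
{
    return ctype_digit($s) && (int) $s > 9999999;
}

$samples = [                                   // constructed inputs
    'page payload, URL-decoded' => "1e9\0*-*",
    'plain alphanumeric'        => 'abc1234',
    'seven digits'              => '9999999',
];

foreach ($samples as $label => $s) {
    printf(
        "%-26s len=%d  legacy: alnum=%s big=%s  strict: alnum=%s big=%s\n",
        $label,
        strlen($s),
        var_export(legacy_alnum($s), true),
        var_export(legacy_big($s), true),
        var_export(strict_alnum($s), true),
        var_export(strict_big($s), true)
    );
}
```

With the strict checks, no input shorter than 8 bytes can also exceed 9999999, which shows that the original condition is only reachable through the loose string-to-number conversion.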