ctf.show_web11
Author: 互联网
Source code:
<?php
// Strip SQL keywords, whitespace and commas (case-insensitive)
function replaceSpecialChar($strParam){
    $regex = "/(select|from|where|join|sleep|and|\s|union|,)/i";
    return preg_replace($regex,"",$strParam);
}
// If the filter removed anything, the length changes: treat as injection
if(strlen($password)!=strlen(replaceSpecialChar($password))){
    die("sql inject error");
}
// Loose (==) comparison of the submitted password with the session value
if($password==$_SESSION['password']){
    echo $flag;
}else{
    echo "error";
}
?>
The flag is returned when the condition $password == $_SESSION['password'] holds.
The password kept in the session is stored on the client side (the session is tied to the visitor's cookie).
The password itself is a parameter we supply.
Empty the PHP session and send an empty password; the loose comparison is then satisfied.
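The reason the empty-session trick works is PHP's loose comparison: a missing session key yields null, and null == "" is true. The following example is added to this write-up (it is not the challenge's code) and assumes the submitted password arrives as a string parameter; it keeps the original filter, reproduces the loose check so the behaviour can be observed, and places a strict version beside it that rejects missing values and compares with hash_equals.

```php
<?php
// Added example, not part of the challenge source.
// Assumption: the submitted password is passed in as a string parameter
// and the session is passed in as an array (stand-in for $_SESSION).

// The challenge's filter, reproduced unchanged.
function replaceSpecialChar(string $strParam): string {
    $regex = "/(select|from|where|join|sleep|and|\s|union|,)/i";
    return preg_replace($regex, "", $strParam);
}

// Vulnerable form: loose comparison, as in the challenge.
// With no password in the session, $session['password'] is null,
// and in PHP null == "" evaluates to true.
function looseCheck(string $password, array $session): bool {
    if (strlen($password) != strlen(replaceSpecialChar($password))) {
        return false; // the challenge dies here with "sql inject error"
    }
    return $password == ($session['password'] ?? null);
}

// Hardened form: refuse empty input and an unset session value explicitly,
// then compare with hash_equals (strict string comparison, constant time).
function strictCheck(string $password, array $session): bool {
    if ($password === '' || !isset($session['password'])) {
        return false;
    }
    if (strlen($password) != strlen(replaceSpecialChar($password))) {
        return false;
    }
    return hash_equals($session['password'], $password);
}

// Constructed inputs mirroring the write-up's scenario.
$emptySession = [];                      // session cleared by the visitor
$realSession  = ['password' => 's3cret']; // constructed session value

var_dump(looseCheck('', $emptySession));        // the bypass from the write-up
var_dump(strictCheck('', $emptySession));       // rejected by the hardened check
var_dump(strictCheck('s3cret', $realSession));  // legitimate login still works
var_dump(strictCheck('s3cret', $emptySession)); // no session value: rejected
```

Run with the PHP CLI (php example.php). The first var_dump prints true, which is exactly the condition the write-up exploits; the strict version only returns true for the third call, where both the session value and the submitted password are present and identical. On a real site the same fix applies: never let an unset session value take part in a loose == comparison with user input.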
Source: https://blog.csdn.net/qq_45829213/article/details/113832623