0x01
<?php
error_reporting(0);
function noother_says_correct($temp)
{
$flag = 'flag{test}';
$one = ord('1'); //ord — 返回字符的 ASCII 码值
$nine = ord('9'); //ord — 返回字符的 ASCII 码值
$number = '3735929054';
// Check all the input characters!
for ($i = 0; $i < strlen($number); $i++)
{
// Disallow all the digits!
$digit = ord($temp{$i});
if ( ($digit >= $one) && ($digit <= $nine) )
{//检查传入的每个数字,是否>1,并且<9
return "flase";
}
}
if($number == $temp)
return $flag;
}
$temp = $_GET['password'];
echo noother_says_correct($temp);
?>
ord()
定义:
- 返回字符串的首个字符的ASCII值
语法:ord(string)
0x02 代码分析
GET方式传入值
传入的值每个数字不在1和9之间
并且传入的等于3735929054
把传入的数字3735929054转换成16进制
为deadc0de
http://123.206.87.240:9009/20.php?password=0xdeadc0de
参考链接:
https://blog.csdn.net/destiny1507/article/details/100992568