CNSS Recruit 2021 WriteUp - Web
Signin
Topic: HTTP (write-up omitted).
Flag: CNSS{Y0u_kn0w_GET_and_POST}

D3buger
Topic: F12 (write-up omitted).
Flag: CNSS{Wh4t_A_Sham3le55_thI3f}

GitHacker
Topic: Git leak. Git_Extract recovers it directly (write-up omitted).
Flag: CNSS{Ohhhh_mY_G0d_ur3_real_G1th4ck3r}

An Even Trickier Math Problem (更坑的数学题)
Topic: scripted submission (write-up omitted).
Flag: CNSS{w#y_5o_f4st?}

Ezp#p
Topics: MD5 loose (weak-typed) comparison, variable overwrite.

The challenge gives the source code up front:

```php
<?php
error_reporting(0);
require_once("flag.php");
show_source(__FILE__);

$pass = '0e0';
$md55 = $_COOKIE['token'];
$md55 = md5($md55);

if(md5($md55) == $pass){
    if(isset($_GET['query'])){
        $before = $_GET['query'];
        $med = 'filter';
        $after = preg_replace(
            "/$med/", '', $before
        );
        if($after === $med){
            echo $flag1;
        }
    }
    $verify = $_GET['verify'];
}

extract($_POST);

if(md5($verify) === $pass){
    echo $$verify;
}
?...
```
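The two bug classes named for Ezp#p (loose `==` on digest strings and `extract()` on request data), each shown next to a hardened form. This is an added example, not part of the original write-up or the challenge's code; the function names and all sample values are constructed for illustration.

```php
<?php
// Added illustration; every value below is constructed, not taken from the challenge.

// Loose ==: when both operands are numeric strings PHP compares them as
// numbers, so any "0e<digits>" string equals '0e0' (both evaluate to 0.0).
function loose_match(string $digest, string $expected): bool {
    return $digest == $expected;
}

// Hardened: hash_equals() is a byte-for-byte, constant-time string comparison.
function strict_match(string $digest, string $expected): bool {
    return hash_equals($expected, $digest);
}

// extract() defaults to EXTR_OVERWRITE: request keys replace variables
// that already exist in the calling scope.
function import_with_extract(array $post): string {
    $verify = 'server-value';
    extract($post);
    return $verify;
}

// Hardened: copy only the keys the handler expects, and only if they are strings.
function import_allowlisted(array $post, array $allowed): array {
    $out = [];
    foreach ($allowed as $key) {
        $out[$key] = isset($post[$key]) && is_string($post[$key]) ? $post[$key] : null;
    }
    return $out;
}

$expected = '0e0';
$digest   = '0e' . str_repeat('7', 30);   // constructed string, not a real MD5 output

var_dump(loose_match($digest, $expected));    // numeric comparison
var_dump(strict_match($digest, $expected));   // exact string comparison

$post = ['verify' => 'client-value', 'comment' => 'hi'];   // constructed request body

var_dump(import_with_extract($post));             // scope variable taken from the request
var_dump(import_allowlisted($post, ['comment'])); // 'verify' is never imported
```

Running it with the PHP CLI prints the result of each check, so the loose and strict comparisons and the two import styles can be compared directly.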