打开靶机,代码审计
附上代码
<?php error_reporting(0); ?> <html lang="zh-CN"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0, initial-scale=1.0" /> <title>ctf.show_web5</title> </head> <body> <center> <h2>ctf.show_web5</h2> <hr> <h3> </center> <?php $flag=""; $v1=$_GET[\'v1\']; $v2=$_GET[\'v2\']; if(isset($v1) && isset($v2)){ if(!ctype_alpha($v1)){ die("v1 error"); } if(!is_numeric($v2)){ die("v2 error"); } if(md5($v1)==md5($v2)){ echo $flag; } }else{ echo "where is flag?"; } ?> </body> </html>
md5碰撞,只要是0e开头MD5值,默认为相等,v1为字符,v2为数值
payload:
拿到flag