buku - PHP code audit - ereg regex %00 truncation

it2025-04-25  24


```php
<?php
$flag = "xxx";
if (isset($_GET['password'])) {
    if (ereg("^[a-zA-Z0-9]+$", $_GET['password']) === FALSE) {
        echo ' You password must be alphanumeric ';
    } else if (strlen($_GET['password']) < 8 && $_GET['password'] > 9999999) {
        // strpos: find the position of the first occurrence of a substring
        if (strpos($_GET['password'], '-') !== FALSE) {
            die('Flag: ' . $flag);
        } else {
            echo(' - have not been found ');
        }
    } else {
        echo ' Invalid password ';
    }
}
?>
```

The challenge looks like a %00 truncation problem, but a direct array bypass works just as well. Both succeed for the same structural reason: ereg() is not binary-safe, so it stops matching at the first NUL byte, and when handed an array instead of a string, ereg(), strlen() and strpos() all return NULL rather than FALSE, so the `=== FALSE` / `!== FALSE` checks are never triggered.

payload: ?password[]=1
payload2: ?password=1e9%00*-*
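For comparison, an added hardened version of the alphanumeric check (my own code, not part of the challenge) that closes both bypasses; the function name and the sample inputs are assumptions, and the sample inputs are constructed from the two payloads above:

```php
<?php
// Added example, not part of the original challenge: a hardened replacement for the
// ereg() check above. ereg() was removed in PHP 7; preg_match() is binary-safe.
function is_alphanumeric_password($password): bool
{
    // Reject anything that is not a string. With ?password[]=1 the original code got an
    // array: ereg()/strlen()/strpos() return NULL on it, which is !== FALSE, so every
    // branch fell through to the flag.
    if (!is_string($password)) {
        return false;
    }
    // ereg() stopped at the first NUL byte, so "1e9%00*-*" matched ^[a-zA-Z0-9]+$.
    // Refusing NUL bytes up front makes that behaviour impossible regardless of engine.
    if (strpos($password, "\0") !== false) {
        return false;
    }
    // The D modifier stops $ from matching before a trailing "\n". Compare the result
    // with 1 explicitly so that an error (false) or no match (0) never counts as a pass.
    return preg_match('/^[a-zA-Z0-9]+$/D', $password) === 1;
}

// Constructed inputs: the two payloads from the writeup plus two ordinary values.
$cases = [
    'array bypass   ?password[]=1'       => ['1'],
    'NUL truncation ?password=1e9%00*-*' => "1e9\0*-*",
    'trailing newline'                   => "abc123\n",
    'legitimate'                         => 'abc123XYZ',
];
foreach ($cases as $label => $input) {
    printf("%-38s %s\n", $label, is_alphanumeric_password($input) ? 'accepted' : 'rejected');
}
```

Only the last case is accepted; the two writeup payloads and the trailing-newline variant are all rejected before any numeric comparison takes place.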
