strcmp — 二进制安全字符串比较
int strcmp ( string $str1
, string $str2
)
如果 str1
小于 str2
返回 < 0; 如果 str1
大于 str2
返回 > 0;如果两者相等,返回 0。
<?php
/*
int strcmp ( string $str1 , string $str2 )
Returns
< 0 if str1 is less than str2;
> 0 if str1 is greater than str2,
= 0 if they are equal.
http: //danuxx.blogspot.com/2013/03/unauthorized-access-bypassing-php-strcmp.html
------------------------------------------
Pwned: http: //www.example.com?key[]=1
*/
echo "Current PHP Version: " . phpversion()."<br />";
$param = $_GET['key'];
//echo (int)(strcmp("HelloPHP", $param)) ."<br />";
if((strcmp("Hello_PHP", $param)) == 0)
{
echo "Pwned, PHP strcmp holes";
}
else if ((strcmp("Hello_PHP", $param)) == 1)
{
echo "Come on baby !";
}
else {
echo "Welcome to here !";
}
?>