Challenge URL: http://119.23.73.3:5001/web6/
<?php
include "flag.php";
highlight_file(__FILE__);
if (isset($_GET['money'])) {
    $money = $_GET['money'];
    // strlen() counts characters, while > compares $money numerically (loose comparison)
    if (strlen($money) <= 4 && $money > time() && !is_array($money)) {
        echo $flag;
        echo "<!--By:daoyuan-->";
    } else echo "Wrong Answer!";
} else echo "Wrong Answer!";
?>
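Auditing the code shows that three conditions must be met to get the flag:
- the money parameter is at most 4 characters long
- the value of money is greater than time()
- money is not an array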
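The length test and the numeric test measure different things, which is the root cause here. The following is an added example, not the challenge's code: `loose_check()` mirrors the page's condition, `strict_check()` is a hardened form, and the function names, the threshold parameter standing in for `time()`, and the sample inputs are all assumptions constructed for illustration.

```php
<?php
// Added example, not part of the challenge source.
// $threshold stands in for time() so the behaviour is reproducible.

// Mirrors the page's condition: character count plus loose numeric comparison.
function loose_check($money, int $threshold): bool
{
    // is_array() is tested first so strlen() never receives an array.
    return !is_array($money) && strlen($money) <= 4 && $money > $threshold;
}

// Hardened form: accept only a plain decimal digit string, compare as integers.
function strict_check($money, int $threshold): bool
{
    if (!is_string($money) || !ctype_digit($money) || strlen($money) > 4) {
        return false;
    }
    return (int)$money > $threshold;
}

// Constructed inputs and a constructed threshold of 500.
$samples = ['42', '999', '1e3', '0x7f', ['1']];
foreach ($samples as $s) {
    printf(
        "%-6s loose=%-5s strict=%s\n",
        is_array($s) ? 'array' : $s,
        var_export(loose_check($s, 500), true),
        var_export(strict_check($s, 500), true)
    );
}
```

With the strict form and the real `time()`, no input of four digits can pass, which shows that the original condition is only satisfiable through PHP's numeric-string conversion.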
Payload: