PHP expresses two different strings to be the same [duplicate]

最新推荐文章于 2022-01-27 16:56:43 发布
最新推荐文章于 2022-01-27 16:56:43 发布
阅读量635 收藏 2
点赞数
分类专栏: ctf web 安全
安全 同时被 3 个专栏收录
47 篇文章 1 订阅
订阅专栏
web
44 篇文章 1 订阅
订阅专栏
ctf
5 篇文章 1 订阅
订阅专栏

ctf遇到一题,绕过 == 操作符判断的 php:md5 相等验证

原理在 stackoverflow上找到了答案

stackoverflow

 php-expresses-two-different-strings-to-be-the-same 

 why-md5240610708-is-equal-to-md5qnkcdzo


Why does the following statement return true?

"608E-4234" == "272E-3063"

"608E-4234" is the float number format, so they will cast into number when they compares.

608E-4234 and 272E-3063 will both be float(0) because they are too small.

For == in php,

If you compare a number with a string or the comparison involves numerical strings, then each string is converted to a number and the comparison performed numerically.

http://php.net/manual/en/language.operators.comparison.php


and

var_dump(md5('240610708') == md5('QNKCDZO'));

Output:

bool(true)


md5('240610708') 's result is 0e462097431906509019562988736854.

md5('QNKCDZO') 's result is 0e830400451993494058024219903391.

They are both float number format strings (numerical strings), and if you use == in php, when compare a number with a string or the comparison involves numerical strings, then each string is converted to a number and the comparison performed numerically.

Both of the strings are converted to 0 when compared with ==, if you want to compare them as string, remember to use ===(strict comparison) instead.


类似

PHP 探测任意网站密码明文/加密手段办法: md5('240610708') == md5('QNKCDZO')

var_dump(md5('240610708') == md5('QNKCDZO'));
var_dump(md5('aabg7XSs') == md5('aabC9RqS'));
var_dump(sha1('aaroZmOk') == sha1('aaK1STfY'));
var_dump(sha1('aaO8zKZF') == sha1('aa3OFF9m'));
var_dump('0010e2' == '1e3');
var_dump('0x1234Ab' == '1193131');
var_dump('0xABCdef' == ' 0xABCdef');

https://news.ycombinator.com/item?id=9484757

ncafei
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
2014-博士论文-The Influence of Social Capital
07-28
the structural and relational dimension of social capital, whereas the interest of a user expresses this cognitive dimension. By studying the retweet traces in 166 Interest-based networks, this study ...
generator-expressive:ExpressES6ReactSocket.IOMongoose应用程序生成器
05-18
生成器表达的安装首先,使用安装和generator-expressive(假设您已经预安装了 )。 npm install -g yonpm install -g generator-expressive 然后生成您的新项目: yo expressive执照麻省理工学院:copyright:
PHP代码审计之函数漏洞(下)
JBlock的博客
03-13 4664
前言 此篇文件属于代码审计篇的一个环节,其意图是为总结php常见函数漏洞,分为上下两节,此为下节!此篇与命令注入绕过篇和sql注入回顾篇同属一个系列!欢迎各位斧正! 目录 前言 正文 md5()引发的注入 md5加密相等绕过 数字验证正则绕过 md5函数验证绕过 十六进制与数字比较绕过 后记 正文 md5()引发的注入 <?php $password=$_POST...
POJ 2406-Power Strings(重复子串-KMP中的next数组)
Some.
04-11 754
Power Strings Time Limit: 3000MS   Memory Limit: 65536K Total Submissions: 47642   Accepted: 19867 Description Given two strings a and b we define a*b to be their concate
POJ 2406(KMP算法思想求周期+1)
看起来喜欢做枯燥事情的人或许只是更清楚自己想要什么罢了
01-25 271
题意               给你一个字符串  长度在1e6以内 求这个字符串的最大周期是多少 思路                     用kmp算法中的next数组来求周期再好不过了  len - next[len]可以求出最小循环节长度  在这个值为零或者长度不能整出这个值的时候就输出 1 这种情况也就是把这一整个串当成一个循环节  如果能整出 
FZU 1011 Power Strings(KMP匹配算法)
linlinsong—ACM界蒟水!
03-11 566
Problem 1011 Power Strings Accept: 914 Submit: 2751 Time Limit: 1000 mSec Memory Limit : 32768 KBProblem DescriptionGiven two strings a and b we define a*b to be their concatenation. For exampl
ComparereTreino1:Treinando Expresses Lambda,Compareson,ExtensionMethods和功能
02-21
在C#编程中,"ComparereTreino1"项目似乎是一个练习或教程,专注于训练开发者在实际编程中使用的关键技术,包括Lambda表达式、比较器(Compareson)、扩展方法(Extension Methods)以及函数式编程概念。...
The.Difference.Between.PC.Architectures.epub
03-27
A computer's architecture is its ... A computer's organization expresses the realization of the architecture. Architecture describes what the computer does and organization describes how it does it.
php明文密码加密,【转载】PHP明文加密
weixin_34353619的博客
03-18 129
转载地址忘记了,刚开始学PHP时,做的笔记function encrypt($string,$operation,$key=""){$key=md5($key);$key_length=strlen($key);$string=$operation=="D"?base64_decode($string):substr(md5($string.$key),0,8).$string;$string_l...
POJ 2405 KMP next数组的运用 ʕ •ᴥ•ʔ
henucm的博客
08-21 294
Power Strings   Given two strings a and b we define a*b to be their concatenation. For example, if a = "abc" and b = "def" then a*b = "abcdef". If we think of concatenation as multiplication, expone...
poj-2406 Power Strings
B_mess的博客
08-10 377
Power Strings Time Limit: 3000MS   Memory Limit: 65536K Total Submissions: 37660   Accepted: 15576 Description Given two strings a and b we define a*b to be their concate
poj 2406 Power Strings
iwi
08-14 150
题目:Power Strings 思路:先用kmp求出nxt数组,当n%(n-nxt[n])==0时,n/(n-nxt[n])就是答案。 代码: #include<cstring> #include<cstdio> #include<iostream> #include<string> using namespace std; #define...
kuangbin KMP G题
wtml
09-13 393
G - Power StringsGiven two strings a and b we define a*b to be their concatenation. For example, if a = “abc” and b = “def” then a*b = “abcdef”. If we think of concatenation as multiplication, exponent
PHP代码审计分段讲解
weixin_46211944的博客
01-27 232
PHP代码审计分段讲解 作 者:bowu 网 站:Bowu‘ s Blog Github: bowu (Github) 本项目将会持续更新,请Star予以支持,感谢亲 ???? 关于本项目 代码审计对于很多安全圈的新人来说,一直是一件头疼的事情,也想跟着大牛们直接操刀审计CMS?却处处碰壁: 函数看不懂! 漏洞原理不知道! PHP特性更不知! 那还怎么愉快审计? 不如化繁为简,跟着本项目先搞懂PHP中大多敏感函数与各类特性,再逐渐增加难度,直到可以吊打各类CMS~ 本项目讲解基于多道CTF题,
POJ2406:Power Strings
ACM!荣耀之路!
03-09 3504
Description Given two strings a and b we define a*b to be their concatenation. For example, if a = "abc" and b = "def" then a*b = "abcdef". If we think of concatenation as multiplication, exponentiat
POJ 2406 Power Strings——字符串哈希
lllllan
07-27 142
传送门 Description Given two strings a and b we define ab to be their concatenation. For example, if a = “abc” and b = “def” then ab = “abcdef”. If we think of concatenation as multiplication, exponentiation by a non-negative integer is defined in the normal
用英文润色一下下面一段论文:y.After each round of interaction, the consumer estimates the utility of the predicate used in the query, which is useful for planning the next round of interaction. The utility of a predicate 푃 expresses the anticipated accuracy improvement that R푃 brings to M. We define a measure that we call novelty to quantify predicate utility. The basic idea of this measure is to quantify the difference between the data acquired in the interaction to those that the consumer currently possesses. The higher the difference, the more information this interaction brings to the consumer. Let RM:푃 be the records the consumer currently possesses satisfying 푃. The novelty of predicate 푃, denoted as 푈푃 , is defined on RM:푃 and R푃 . More specifically, we consider a binary classification problem that treats RM:푃 and R푃 as samples from class 0 and class 1 respectively, and train a classifier CLF to distinguish between the two sets of records. The utility of 푃 is computed as follows:
最新发布
02-13
请用中文润色:每一轮交互后,消费者估计查询中使用的谓词的效用,这对规划下一轮交互很有用。谓词 푃 的效用表示 R푃 给 M 带来的预期精确度提高。我们定义了一个称为新颖性的度量来量化谓词效用。...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值