前言
三天赶了两场比赛
黄鹤杯体验极佳,比某500空间好到不知哪里去了
web就两个题,一开始就打穿了
于是本菜鸡就开始了划水运动hhhhh
web1
web1是个thinkphp5
扫一下目录,发现有个 www.zip
下载解压后就能看到源码(备份包留在可访问的目录里,源码就直接泄露了)
![20017676-e71d530869f0514f.png](https://i-blog.csdnimg.cn/blog_migrate/c2c8a7687a899d93ee5492c3c8c1bfe4.png)
页面上有注册和登录按钮。从源码看,目标是让自己成为 admin 用户:Userinfo::user() 只用会话里的 username 是否全等于 'admin' 来判断身份,满足后就能拿到一个 hint,用来进行下一步
![20017676-4ece35cb7de44c08.png](https://i-blog.csdnimg.cn/blog_migrate/89cb4b256bdc4f34d93ee86537cd98a0.png)
Userinfo.php
<?php
namespace app\index\controller;
use think\Controller;
use think\Db;
use think\Request;
use think\Validate;
class Userinfo extends Controller
{
/**
 * Render the 'user' page for whoever is named in the session.
 *
 * The branch that shows the admin hint is selected solely by comparing the
 * session's 'username' value with the literal string 'admin'; this method
 * performs no other role or privilege check.
 *
 * @param Request $request Current request; only its session 'username' entry is read.
 * @return mixed Whatever view('user', ...) returns.
 */
public function user(Request $request)
{
    $currentUser = $request->session('username');

    // Admin branch: keyed only on the session username.
    if ($currentUser === 'admin') {
        return view('user', [
            'info' => 'welcome admin!!',
            'flag' => 'This is your hint: <br>hint{xxxxxxxxxx}',
        ]);
    }

    // NOTE(review): the username is interpolated into 'info' as-is; whether it
    // is HTML-escaped depends on the 'user' template, which is not shown — confirm.
    return view('user', [
        'info' => "hello {$currentUser}",
        'flag' => 'This is your hint: <br>flag{}<br>maybe the admin have some hints:)',
    ]);
}
/**
 * Render the view returned by calling view() with no arguments.
 *
 * This method itself performs no login or session check before rendering.
 *
 * @return mixed Whatever view() returns.
 */
public function change()
{
    $page = view();

    return $page;
}
public function changeinfo(Request $request)
{
$dbuser ='*****';
$dbpass ='*****';
$dbname ="study";
$host = 'localhost';
@error_reporting(0);
@$con = mysqli_connect($host,$dbuser,$dbpass,$con);
// Check connection
if (!$con)
{
echo "Failed to connect to MySQL: " . mysqli_error();
}
@mysqli_select_db($con,$dbname) or die ( "Unable to connect to the database: $dbname");
$post = $request->post();
$username = $request->session('username');
$pass = $post['password'];
$curr_pass = $pos