// Annotated CTF challenge source: two input checks guard the call to
// highlight_file('flag.php'). The comments describe what each check really
// enforces and what a robust version of the check would look like.
$flag = 'MRCTF{xxxxxxxxxxxxxxxxxxxxxxxxx}';

// Both query parameters are required; die() ends the request otherwise.
if (!isset($_GET['gg'], $_GET['id'])) {
    die('Please input first');
}

$id = $_GET['id'];
$gg = $_GET['gg'];

// Step 1: the two values must differ while their MD5 digests match.
// Both comparisons are strict; the weakness is that $_GET values may be
// arrays (?id[]=...) and md5() is only defined for strings. On PHP < 8 md5()
// returns NULL (with a warning) for an array, so two different arrays satisfy
// the check, as the original note points out. PHP 8 throws a TypeError instead.
// Robust code rejects non-string input first (is_string() on both values) and
// does not treat MD5 equality as proof of anything, since MD5 collisions
// between distinct strings are practical.
$idDigest = md5($id);
$ggDigest = md5($gg);

if ($idDigest === $ggDigest && $id !== $gg) {
    echo 'You got the first step';

    // Step 2 reads from the POST body (the original note suggests a tool such
    // as HackBar for sending it).
    if (!isset($_POST['passwd'])) {
        die('only one way to get the flag');
    }

    $passwd = $_POST['passwd'];

    if (is_numeric($passwd)) {
        // Purely numeric values are refused outright.
        echo 'You can not get it !';
    } elseif ($passwd == 1234567) {
        // Loose comparison: on PHP < 8 a string that merely starts with digits
        // (the original note's example is 1234567a) is converted using its
        // numeric prefix, so it equals 1234567 even though is_numeric() said
        // no. PHP 8 compares such non-numeric strings as strings. Robust code
        // validates the format (ctype_digit() or filter_var() with
        // FILTER_VALIDATE_INT) and then compares with ===.
        echo 'Good Job!';
        highlight_file('flag.php');
        die('By Retr_0');
    } else {
        echo "can you think twice??";
    }
} else {
    echo "You are not a real hacker!";
}