<?php
function noother_says_correct($number)
{
    $one = ord('1');
    $nine = ord('9');
    // Reject the input if any character is a digit from '1' to '9'.
    for ($i = 0; $i < strlen($number); $i++)
    {
        $digit = ord($number[$i]);
        if ( ($digit >= $one) && ($digit <= $nine) )
        {
            return false;
        }
    }
    // Loose comparison: two numeric strings are compared as numbers.
    return $number == '54975581388';
}
$flag='*******';
if(noother_says_correct($_GET['key']))
    echo $flag;
else
    echo 'access denied';
?>
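To print the flag, noother_says_correct($_GET['key']) must return true, i.e. $number == '54975581388'.
noother_says_correct requires that no character of number has an ASCII value in the range '1' to '9'.
PHP is weakly typed, so use key=0xccccccccc (54975581388 in hexadecimal).
Construct the request: http://chinalover.sinaapp.com/web12/index.php?key=0xccccccccc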
nctf{follow_your_dream}
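The loose `==` in noother_says_correct is the root cause; the following added example (not part of the original challenge code) puts that comparison beside a strict, string-only check and runs both over constructed inputs. The names EXPECTED, check_key_loose and check_key_strict are hypothetical.

```php
<?php
// Added example, not the challenge's code. All names here are hypothetical.
const EXPECTED = '54975581388';

function check_key_loose($key)
{
    // Same comparison as the challenge: when both strings look numeric,
    // PHP converts them to numbers before comparing.
    // PHP 5 also treated hex strings such as '0xccccccccc' as numeric;
    // PHP 7.0 removed that, but other numeric spellings still compare equal.
    return $key == EXPECTED;
}

function check_key_strict($key)
{
    // $_GET values can be arrays or missing, so check the type first,
    // then accept only plain decimal digits.
    if (!is_string($key) || !ctype_digit($key)) {
        return false;
    }
    // === on two strings compares them byte for byte, with no conversion.
    return $key === EXPECTED;
}

// Constructed sample inputs: the exact value, the write-up's hex key,
// and other spellings of the same number.
$samples = array(
    '54975581388',
    '0xccccccccc',
    '054975581388',
    ' 54975581388',
    '5.4975581388e10',
);

foreach ($samples as $s) {
    printf(
        "%-20s loose=%-5s strict=%s\n",
        var_export($s, true),
        var_export(check_key_loose($s), true),
        var_export(check_key_strict($s), true)
    );
}
```

Only the exact string should report strict=true; any other row with loose=true marks an input the original comparison would accept on that PHP version.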