当strcmp比较出错的时候就会为null。null即为0故输出flag。
strcmp(arr,str);
?test[]=1
<?php
define('FLAG', 'pwnhub{THIS_IS_FLAG}');
if (@strcmp($_GET['flag'], FLAG) == 0)
{
echo "success, flag:" . FLAG;
}else{
echo "hello world";
}
?>
<?php
header ( 'Content-Type: text/html; charset=utf-8' ); // 网页编码
error_reporting ( 0 );
$flag = "this is flag";
//echo $_POST['num'];
if (isset ( $_POST ['num'] )) {
if (@ereg ( "^[1-9]+$", $_POST['num'] ) === FALSE)
echo '麻烦告诉我数字是多少,啊哈哈哈';
else if (strpos ( $_POST['num'], '##' ) !== FALSE)
die ( 'Flag: ' . $flag );
else
echo '啊哈哈哈,不对!!';
}
?>