抓个包示select * from ‘admin’ where password=md5($pass,true)使用ffifdyop这里有参考
<!--
$a = $GET['a'];
$b = $_GET['b'];
if($a != $b && md5($a) == md5($b)){
// wow, glzjin wants a girl friend.
-->
数组绕过,?a[]=1&b[]=2
http://3a13cc63-3371-4ca6-b7aa-79101cf1febd.node3.buuoj.cn/levels91.php?a[]=1&b[]=2
出现
数组绕过param1[]=1¶m2[]=2