萌新web3

Obviously, compared with 萌新web2, this challenge adds further filter conditions: the regular expression now matches 'or', '-', '\', '*', '<', '>', '!', 'x', 'hex' and '+', regardless of case.
Therefore the payload '0x3e8' that we used to bypass the previous filter no longer works, because its 'x' is matched.
Let me introduce a MySQL operator that solves this puzzle: '~', the bitwise NOT. It inverts every bit of its operand, so applying it twice gives the original number back.
So we construct a new payload, '~~1000': the PHP function intval() returns 0 when it receives this string, while MySQL still evaluates the expression to 1000 (if you don't know why, consult the PHP manual or leave me your questions below).
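Added example (PHP; not the challenge's own source): the blacklist reconstructed from the tokens above, an intval()-based check that a non-numeric prefix slips past, and beside it a hardened check that accepts only a canonical integer and binds it as a typed parameter. The comparison `intval($id) !== 1000` and the PDO connection `$pdo` are assumptions.

```php
<?php
// Blacklist reconstructed from the write-up's token list (case-insensitive).
const BLACKLIST = '/or|-|\\\\|\*|<|>|!|x|hex|\+/i';

// Weak validation (assumed shape of the challenge's check): intval() stops at
// the first non-digit character, so a string such as '~~1000' yields 0 here
// even though MySQL evaluates the same text as an arithmetic expression.
function weakCheck(string $id): bool
{
    if (preg_match(BLACKLIST, $id)) {
        return false;                // blocked by the blacklist
    }
    return intval($id) !== 1000;     // intval('~~1000') === 0, so the value is accepted
}

// Hardened validation: FILTER_VALIDATE_INT only accepts a canonical decimal
// integer, so leading operators, hex notation or whitespace are all rejected.
function strictCheck(string $id): bool
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    return $n !== false && $n !== 1000;
}

// Hardened query: the validated integer is bound as PDO::PARAM_INT, so the raw
// request string never reaches the SQL text at all.
function fetchRow(PDO $pdo, string $id): ?array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM items WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Compare how the two checks treat the write-up's payload and a normal id.
foreach (['~~1000', '1000', '1001'] as $candidate) {
    printf("%-8s weak=%s strict=%s\n", $candidate,
        var_export(weakCheck($candidate), true),
        var_export(strictCheck($candidate), true));
}
```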