web9

源码泄露 /index.phps

<?php
$flag="";
$password=$_POST['password'];
if(strlen($password)>10){
	die("password error");
}
$sql="select * from user where username ='admin' and password ='".md5($password,true)."'";
$result=mysqli_query($con,$sql);
if(mysqli_num_rows($result)>0){
	while($row=mysqli_fetch_assoc($result)){
		 echo "登陆成功<br>";
		 echo $flag;
	 }
}
?>

两个强大的字符串:
ffifdyop
129581926211651571912466741651878684928

image-20211024170100118 image-20211024170142383

实现永真绕过

posted @ 2022-02-24 01:03  NwN  阅读(98)  评论(0)    收藏  举报