A loose comparison is one performed using two equals signs (==
).It follows suit with the “best-guess” approach, which can lead to some unexpected results.
TAKE A LOOK INTO THIS TABLEThứ Tư, 18 tháng 12, 2019
[wargame.kr&rootme] PHP TYPE CONFUSION & LOOSE COMPARISON WRITEUP!
FIRST OF ALL , WE SHOULD FOCUS ON THE DEFINITION
Thứ Hai, 9 tháng 12, 2019
[WARGAME.KR] MD5 PASSWORD VULNERABILITY WRITEUP!
THIS CHALL IS TO SUBMIT A PASSWORD WHICH WILL BE SENT TO md5($ps,true) FUNCTION AND THIS MD5 PASSWORD IS A PART OF THIS SQL QUERY :
FIRST, TAKE A LOOK AT MD5() FUNCTION DEFINITION AND IT'S VULENERABILITY :
string md5 ( string $str , [ bool $raw_output = false ] )
$row=@mysql_fetch_array(mysql_query("select * from admin_password where password='".md5($ps,true)."'"));OFCORSE WE DONT HAVE IDEA ABOUT PASSWORD , SO WE MUST FIND A WAY TO BYPASS THIS QUERY BY SQL INJECTION !
FIRST, TAKE A LOOK AT MD5() FUNCTION DEFINITION AND IT'S VULENERABILITY :
string md5 ( string $str , [ bool $raw_output = false ] )
Đăng ký:
Bài đăng (Atom)
Phổ Biến
-
SO , THIS IS VERY FIRST TIME MY NEW TEAM TAKE PART IN A CTF COMPETITION [PICOCTF] I MAKE THIS WRITE-UP AS THE NOTE FOR ALL WEB-CHALLEN...