level 1
zzz321l8
楼主
网页代码如下
<?php
error_reporting(0);
error_log(0);
require_once("flag.php");
functionis_trying_to_hak_me($str)
{
$blacklist=["'","'",'"',"`","`","`",">","<"];
if(strpos($str,"'")!==false){
if(!preg_match("/[0-9a-zA-Z]'[0-9a-zA-Z]/",$str)){
returntrue;
}
}
foreach($blacklistas$token){
if(strpos($str,$token)!==false)returntrue;
}
returnfalse;
}
if(isset($_GET["pls_help"])){
highlight_file(__FILE__);
exit;
}
if(isset($_POST["user"])&&isset($_POST["pass"])&&(!empty($_POST["user"]))&&(!empty($_POST["pass"]))){
$user=$_POST["user"];
$pass=$_POST["pass"];
if(is_trying_to_hak_me($user)){
die("whyubullyme");
}
$db=newSQLite3("/var/db.sqlite");
$result=$db->query("SELECT*FROMusersWHEREusername='$user'");
if($result===false)die("plsdontbreakme");
else$result=$result->fetchArray();
if($result){
$split=explode('$',$result["password"]);
$password_hash=$split[0];
$salt=$split[1];
if($password_hash===hash("sha256",$pass.$salt))$logged_in=true;
else$err="Wrongpassword";
}
else$err="Nosuchuser";
}
?>
<!DOCTYPEhtml>
<html>
<head>
<title>网页链接 9th-SQLi</title>
</head>
<body>
<?phpif(isset($logged_in)&&$logged_in):?>
<p>Welcomebackadmin!Haveaflag:<?=htm
lsp
ecialchars($flag);?><p>
<?phpelse:?>
<formmethod="post">
<inputtype="text"placeholder="Username"name="user"required>
<inputtype="password"placeholder="Password"name="pass"required>
<buttontype="submit">Login</button>
<br><br>
<?phpif(isset($err))echo$err;?>
</form>
<?phpendif;?>
<!--<ahref="/?pls_help">getsomehelp</a >-->
</body>
</html>
2023年08月15日 15点08分
1
<?php
error_reporting(0);
error_log(0);
require_once("flag.php");
functionis_trying_to_hak_me($str)
{
$blacklist=["'","'",'"',"`","`","`",">","<"];
if(strpos($str,"'")!==false){
if(!preg_match("/[0-9a-zA-Z]'[0-9a-zA-Z]/",$str)){
returntrue;
}
}
foreach($blacklistas$token){
if(strpos($str,$token)!==false)returntrue;
}
returnfalse;
}
if(isset($_GET["pls_help"])){
highlight_file(__FILE__);
exit;
}
if(isset($_POST["user"])&&isset($_POST["pass"])&&(!empty($_POST["user"]))&&(!empty($_POST["pass"]))){
$user=$_POST["user"];
$pass=$_POST["pass"];
if(is_trying_to_hak_me($user)){
die("whyubullyme");
}
$db=newSQLite3("/var/db.sqlite");
$result=$db->query("SELECT*FROMusersWHEREusername='$user'");
if($result===false)die("plsdontbreakme");
else$result=$result->fetchArray();
if($result){
$split=explode('$',$result["password"]);
$password_hash=$split[0];
$salt=$split[1];
if($password_hash===hash("sha256",$pass.$salt))$logged_in=true;
else$err="Wrongpassword";
}
else$err="Nosuchuser";
}
?>
<!DOCTYPEhtml>
<html>
<head>
<title>网页链接 9th-SQLi</title>
</head>
<body>
<?phpif(isset($logged_in)&&$logged_in):?>
<p>Welcomebackadmin!Haveaflag:<?=htm
lsp
ecialchars($flag);?><p>
<?phpelse:?>
<formmethod="post">
<inputtype="text"placeholder="Username"name="user"required>
<inputtype="password"placeholder="Password"name="pass"required>
<buttontype="submit">Login</button>
<br><br>
<?phpif(isset($err))echo$err;?>
</form>
<?phpendif;?>
<!--<ahref="/?pls_help">getsomehelp</a >-->
</body>
</html>
