banner
NEWS LETTER

CTF-SQL注入漏洞测试(参数加密)

Scroll down

https://www.mozhe.cn/bug/detail/110

http://124.70.71.251:44017/news/list.php?id=ZUlJOGMzSmVMMHQwZHhNN3diM056Zz09

初见,“ZUlJOGMzSmVMMHQwZHhNN3diM056Zz09”像base64

找到代码
http://124.70.71.251:44017/news/

下载代码

function decode($data){
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128,’’,MCRYPT_MODE_CBC,’’);
mcrypt_generic_init($td,’ydhaqPQnexoaDuW3’,’2018201920202021’);
$data = mdecrypt_generic($td,base64_decode(base64_decode($data)));
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
if(substr(trim($data),-6)!==’_mozhe’){
echo ‘‘;
}else{
return substr(trim($data),0,strlen(trim($data))-6);
}
}

查看代码

ZUlJOGMzSmVMMHQwZHhNN3diM056Zz09先base64解码,再AES-128,CBC等填上去

其他文章
18
2024/09
基础入门
ChatGPT
  • 24/09/18
  • 15:40
12
2024/09
CTF
CTF-jsfuck
  • 24/09/12
  • 19:00
© 2024 - 2024 CypherSun
请输入关键词进行搜索
  • to close