我的CTF之旅（二）

PHP的特性 1：

打开页面查看源码如下：

if (isset($_POST["number"]))
if (is_numeric($_POST["number"]))
if(strlen($_POST["number"])>=12)
echo "太多了。";
elseif ($_POST["number"]>1000000000000)
echo "FLAG:".$flag;
else echo "就差一点了。";
else echo "还差得很远。";

输入一个，科学计数法输入即可：输入1.1e+017 得到key

PHP的特性 2：

打开页面查看源码如下：

if (isset($_POST["number"]))
if (is_numeric($_POST["number"]) && !stristr($_POST["number"],"e"))
if(strlen($_POST["number"])>=13)
echo "太多了。";
elseif ($_POST["number"]>1000000000000)
echo "FLAG:".$flag;
else echo "就差一点了。";
else echo "还差得很远。";

这题和上一道题的区别是多加了对e的判断 所以科学计数法 直接被过滤。联想到16进制，输入一个16进制的数（不要含e），如：0xf8d4a51001 得到key

超简单的js题:

打开页面查看js代码：

var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%34%62%34%64%62%32%65';
var p2 = '%34%32%32%35%65%31%30%38%32%63%65%34%61%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%38%32%31%65%62%61%33%36%33%63%39%65' + p2));

url编码，找个解密的网站，输入字符串，转换后得到js代码

function checkSubmit(){var a=document.getElementById("password");if("undefined"!=typeof a){if("4b4db2e4225e1082ce4a"==a.value)return!0;alert("Error");a.focus();return!1}}document.getElementById("levelQuest").onsubmit=checkSubmit;

输入4b4db2e4225e1082ce4a，得到key!