PHP expresses two different strings to be the same [duplicate]

最新推荐文章于 2022-01-27 16:56:43 发布
最新推荐文章于 2022-01-27 16:56:43 发布
阅读量677 收藏 2
点赞数
分类专栏: ctf web 安全
本文探讨了如何利用 PHP 的类型转换特性绕过 MD5 哈希比较验证。通过特殊的字符串输入使得 MD5 函数输出特定的浮点数形式,从而在使用 == 运算符时被当作数值进行比较并返回真。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

ctf遇到一题,绕过 == 操作符判断的 php:md5 相等验证

原理在 stackoverflow上找到了答案

stackoverflow

 php-expresses-two-different-strings-to-be-the-same 

 why-md5240610708-is-equal-to-md5qnkcdzo


Why does the following statement return true?

"608E-4234" == "272E-3063"

"608E-4234" is the float number format, so they will cast into number when they compares.

608E-4234 and 272E-3063 will both be float(0) because they are too small.

For == in php,

If you compare a number with a string or the comparison involves numerical strings, then each string is converted to a number and the comparison performed numerically.

http://php.net/manual/en/language.operators.comparison.php


and

var_dump(md5('240610708') == md5('QNKCDZO'));

Output:

bool(true)


md5('240610708') 's result is 0e462097431906509019562988736854.

md5('QNKCDZO') 's result is 0e830400451993494058024219903391.

They are both float number format strings (numerical strings), and if you use == in php, when compare a number with a string or the comparison involves numerical strings, then each string is converted to a number and the comparison performed numerically.

Both of the strings are converted to 0 when compared with ==, if you want to compare them as string, remember to use ===(strict comparison) instead.


类似

PHP 探测任意网站密码明文/加密手段办法: md5('240610708') == md5('QNKCDZO')

var_dump(md5('240610708') == md5('QNKCDZO'));
var_dump(md5('aabg7XSs') == md5('aabC9RqS'));
var_dump(sha1('aaroZmOk') == sha1('aaK1STfY'));
var_dump(sha1('aaO8zKZF') == sha1('aa3OFF9m'));
var_dump('0010e2' == '1e3');
var_dump('0x1234Ab' == '1193131');
var_dump('0xABCdef' == ' 0xABCdef');

https://news.ycombinator.com/item?id=9484757

三个“清洁代码”技巧将使您的开发团队效率提高 50%
AI天才研究院
10-19 9525
如果我必须从软件工程最佳实践的圣经“清洁代码”中选择一点,我们就是作者。阅读与写作的时间比例远远超过 10:1。再读一遍。慢慢地。作为编写新代码的一部分,我们不断地审查旧代码。由于我们花费大量时间阅读旧代码,因此对我们和我们的团队来说,投入一点使其简单易懂可能是个好主意。尽管我建议阅读整本书,但我发现以下三个想法很容易获胜,它们可以极大地提高团队的生产力、效率,最重要的是——减少挫败感:使用好名字...
VisionPro - 基础 - 模板匹配技术-Search/PMAlign/PatMax(5)- 非线性模板变形匹配
山云的专栏
09-22 1265
本机继续对VP的PatMax 算子进行说明:本节讲非线性变形的模板匹配。
PHP代码审计分段讲解
weixin_46211944的博客
01-27 322
PHP代码审计分段讲解 作 者:bowu 网 站:Bowu‘ s Blog Github: bowu (Github) 本项目将会持续更新,请Star予以支持,感谢亲 ???? 关于本项目 代码审计对于很多安全圈的新人来说,一直是一件头疼的事情,也想跟着大牛们直接操刀审计CMS?却处处碰壁: 函数看不懂! 漏洞原理不知道! PHP特性更不知! 那还怎么愉快审计? 不如化繁为简,跟着本项目先搞懂PHP中大多敏感函数与各类特性,再逐渐增加难度,直到可以吊打各类CMS~ 本项目讲解基于多道CTF题,
PHP代码审计之函数漏洞(下)
JBlock的博客
03-13 4766
前言 此篇文件属于代码审计篇的一个环节,其意图是为总结php常见函数漏洞,分为上下两节,此为下节!此篇与命令注入绕过篇和sql注入回顾篇同属一个系列!欢迎各位斧正! 目录 前言 正文 md5()引发的注入 md5加密相等绕过 数字验证正则绕过 md5函数验证绕过 十六进制与数字比较绕过 后记 正文 md5()引发的注入 <?php $password=$_POST...
POJ 2406-Power Strings(重复子串-KMP中的next数组)
Some.
04-11 816
Power Strings Time Limit: 3000MS   Memory Limit: 65536K Total Submissions: 47642   Accepted: 19867 Description Given two strings a and b we define a*b to be their concate
POJ 2406(KMP算法思想求周期+1)
看起来喜欢做枯燥事情的人或许只是更清楚自己想要什么罢了
01-25 319
题意               给你一个字符串  长度在1e6以内 求这个字符串的最大周期是多少 思路                     用kmp算法中的next数组来求周期再好不过了  len - next[len]可以求出最小循环节长度  在这个值为零或者长度不能整出这个值的时候就输出 1 这种情况也就是把这一整个串当成一个循环节  如果能整出 
用英文润色一下下面一段论文:y.After each round of interaction, the consumer estimates the utility of the predicate used in the query, which is useful for planning the next round of interaction. The utility of a predicate 푃 expresses the anticipated accuracy improvement that R푃 brings to M. We define a measure that we call novelty to quantify predicate utility. The basic idea of this measure is to quantify the difference between the data acquired in the interaction to those that the consumer currently possesses. The higher the difference, the more information this interaction brings to the consumer. Let RM:푃 be the records the consumer currently possesses satisfying 푃. The novelty of predicate 푃, denoted as 푈푃 , is defined on RM:푃 and R푃 . More specifically, we consider a binary classification problem that treats RM:푃 and R푃 as samples from class 0 and class 1 respectively, and train a classifier CLF to distinguish between the two sets of records. The utility of 푃 is computed as follows:
02-13
请用中文润色:每一轮交互后,消费者估计查询中使用的谓词的效用,这对规划下一轮交互很有用。谓词 푃 的效用表示 R푃 给 M 带来的预期精确度提高。我们定义了一个称为新颖性的度量来量化谓词效用。...
翻译一下“When you specify this option, the path to the file list gets added as a prefix to the content of the file list. ”
最新发布
07-30
The user provided some references, but they appear to be about lint tools and Spring Boot properties, which aren't directly relevant to this VCS question. I should focus on the technical accuracy of ...
翻译Thrilled+to+be+on+the+winning+side+of+this+slice+of+history,+Yuan,+a+25- year-old+native+of+Jiangs
03-08
"Thrilled to be on the winning side of this slice of history" means that the person is extremely happy and excited to be part of the group or team that has emerged victorious in a particular event or ...
php明文密码加密,【转载】PHP明文加密
weixin_34353619的博客
03-18 167
转载地址忘记了,刚开始学PHP时,做的笔记function encrypt($string,$operation,$key=""){$key=md5($key);$key_length=strlen($key);$string=$operation=="D"?base64_decode($string):substr(md5($string.$key),0,8).$string;$string_l...
POJ -2406 Power Strings(循环节,kmp专题)
信仰.的博客
07-25 551
A - Power Strings Time Limit:3000MS     Memory Limit:65536KB     64bit IO Format:%lld & %llu Submit Status Description Given two strings a and b we define a*b to be their concatenati
POJ 2406 KMP 解题报告
onepointo
08-15 1265
Power StringsDescriptionGiven two strings a and b we define a*b to be their concatenation. For example, if a = “abc” and b = “def” then a*b = “abcdef”. If we think of concatenation as multiplication, e
kuangbin KMP G题
wtml
09-13 437
G - Power StringsGiven two strings a and b we define a*b to be their concatenation. For example, if a = “abc” and b = “def” then a*b = “abcdef”. If we think of concatenation as multiplication, exponent
poj 2406 Power Strings(KMP&思维)
记录成长的点点滴滴. . . . .
07-05 1050
Power Strings Time Limit: 3000MS   Memory Limit: 65536K Total Submissions: 31093   Accepted: 12974 Description Given two strings a and b we define a*b to be their concate
POJ2406-Power Strings【KMP】
QuantAsk
05-31 273
正题 链接: http://poj.org/problem?id=2406 大意 一个字符串,求最小循环节。 解题思路 用KMP求循环节。 因为如果有循环节那么一定是l-next[l]。只需要判断一下l-next[l]是否可以被l整除就好了 代码 #include<cstdio> #include<cstring> using namesp...
POJ 2406 Power Strings——字符串哈希
lllllan
07-27 184
传送门 Description Given two strings a and b we define ab to be their concatenation. For example, if a = “abc” and b = “def” then ab = “abcdef”. If we think of concatenation as multiplication, exponentiation by a non-negative integer is defined in the normal
A - Power Strings
x311609001028的博客
08-15 381
点击打开链接 Given two strings a and b we define a*b to be their concatenation. For example, if a = "abc" and b = "def" then a*b = "abcdef". If we think of concatenation as multiplication, exponent
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值