CTF problem solution five Web PHP Dafa (experiment)

Experimental bar topic link: http://www.shiyanbar.com/ctf/54

First of all, according to the prompt in the question, pay attention to the backup file.

After clicking on the topic link, there is a prompt index.php.txt at the end.So visit.

The GET method is used, which means that it can be tested in the way of ?id=XXX later.

The main logic of the program is that the value of the id obtained by the GET method must be included in hackerDJ, but after a url decryption, it is equal to it.

This involves the features of the urldecode function in PHP.urldecode will decrypt all numbers with % in the string.

Try to enter ?id=%68ackerDJ and press enter, but nothing happens.Look at the url of the browser and find that the browser has completed a url decoding for us, as shown in the figure:

So we need to encrypt the url twice for hackerDJ.

See an example:

$a="%2568ackerDJ";$a=urldecode($a);echo $a, "
";$a=urldecode($a);echo $a;?>

The symbol corresponding to %25 is %.

So after the first decryption, %68ackerDJ is obtained, and after decryption again, hackerDJ is obtained.

Enter ?id=%2568ackerDJ to get the flag:

flag: DUTCTF{PHP_is_the_best_program_language}