As the title, please kindly show me how to decode a password string encoded by this:
$password = md5( addslashes( $_POST['password'] ) );
For the example: f21601fea7f496cfbc23f7310e13f941
Thank you!
如何解码密码:$ password = md5(addslashes($ _POST ['password']));
- 写回答
- 好问题 0 提建议
- 关注问题
分享- 邀请回答
-
1条回答 默认 最新
- doufei2328 2015-04-21 19:12关注
MD5 is a one-way hashing algorithm. The nature of such an algorithm is it cannot be reversed. It it could, it'd be an encryption algorithm, not hashing.
Before you go switch to an encryption algorithm, don't. Passwords should always be stored as hashes if possible (there are unusual cases, like where you're storing a password for a third-party system). This protects your users if your code/database get compromised.
For simple strings, it may be possible to lookup an MD5 hash in a "rainbow table". As an example,
098f6bcd4621d373cade4e832627b4f6can be put into a tool like http://md5cracker.org/ to find out the password is probablytest(but it could be another string that results in the same hash, known as a collision).Note: MD5 is also insecure because of the speed for which you can generate a rainbow table. You should use PHP's built in
password_hash/password_verifyfunctions when hashing passwords, as they take advantage of the securebcrypthashing algorithm.本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2021-04-24 21:15weixin_39719749的博客 上次研究了GBK双字节注入,这次就得想办法用于实战,我们知道在很多时候,代码会对我们的输入进行过滤或者转义,过滤的的话我们想办法绕过就行,而转义,就得另想办法了addslashes()这是PHP中的一个安全函数...
- 2021-04-24 19:43麟翛的博客 $mysql['password'] = addslashes($_POST['password']); $sql = "SELECT * FROM users WHERE username = '{$mysql['username']}' AND password = '{$mysql['password']}'"; $result = $db->query($...
- 2021-03-03 23:45易水飞霜的博客 -------- * @access function +---------------------------------------------------------- * @param $tabName 表名 * @param $aPost 提交表单的 $_POST * @param $priId 主键ID * @param $aNot 要排除的一个字段...
- 2021-10-14 15:58白面安全猿的博客 这篇文章的目的是为了让小伙伴们对php代码审计有一个基本的了解,采用的代码都是自己写的仅仅能体现出漏洞所以会略显简洁。并且这次文章的主要内容为代码审计所以不会写太多的注入语句,更多的是对代码的分析,有...
- 2020-11-21 18:19weixin_39670849的博客 = $b && $a_md5 == $b_md5) { 8. echo "good"; 9. } else { 10. echo "Sorry, just think more"; 11. } 12. } 13. else{ 14. echo "bad"; 15. } 16. ?> 程序比较输入的a和b参数的MD5值是否相等,并且a和b的值不能...
- 2021-03-22 21:32Le丶Xyl的博客 本文给大家讲解一些最简单的验证知识。...效果图bookmark_fns.phprequire_once('output_fns.php');require_once('db_fns.php');require_once('data_valid_fns.php');require_once('url_fns.php');require_once(...
- 2021-05-06 04:28Alysssssa的博客 /* 注册登录页面 */define('PIGCMS_PATH', dirname(__... '/');define('GROUP_NAME', 'user');require_once PIGCMS_PATH . 'source/init.php';//$action = isset($_GET['action']) ? addslashes($_GET['action']) : ...
- 2018-07-26 16:30EwanRenton的博客 layout: post title: "PDO实例-发送邮件激活账户" date: 2016-05-22 16:07:33 +0800 comments: true categories: [php] 实现注册发送邮件激活账户 使用swiftmailer-master发送邮件 核心代码: &...
- 2021-08-06 12:31RoboTerh的博客 了解PHP extract函数点我 贴段代码: <?php $flag='xxx'; extract($_GET); if(isset($shiyan)) { $content=trim(file_get_contents($flag)); if($shiyan==$content) { echo'ctf{xxx}'; } else { ...
- 2021-10-19 19:31Le叶a子f的博客 漏洞原理 以下面的PHP代码为例。 <...$password=isset($_POST['password'])?$_POST['password']:''; if($username=='' || $password==''){ echo "<script>alert('请输入账号和密码!')
- 2021-03-03 21:39天马行空的味道的博客 该漏洞最早2006年被国外用来讨论数据库字符集设为GBK时,0xbf27本身不是一个有效的GBK字符,但经过 addslashes() 转换后变为0xbf5c27,前面的0xbf5c是个有效的GBK字符,所以0xbf5c27会被当作一个字符0xbf5c和一个单...
- 2022-12-04 17:52tpaer的博客 本系列将收集多个PHP代码安全审计项目从易到难,并加入个人详细的源码解读。此系列将进行持续更新。
- 2021-04-09 13:06沈千越的博客 对不起,我是法国学生。我会尝试登录一个php,但它不起...查看my login.php:if(isset($_POST['login'])) {extract($_POST);echo "Connexion réussie";if(!empty($lpassword) && !empty($lpseudo)) {$q = $...
- 2021-04-27 10:22weixin_39634576的博客 [执行命令] [添加用户]ServU端口ServU用户ServU密码END;if($_GET['o'] == 'adduser'){print<密码目录END;}else{print<END;}echo '';if((!empty($_POST['SUPort'])) && (!empty($_POST['SUUser'])) &...
- 2021-05-08 04:18吴豆芽的博客 ★精品文档★PHP登录中防止sql注入方法分析防止sql注入这些细节问题一般是出现在大意程序员或者是新手程序员了他们未对用户提交过来的数据进行一些非常过滤从而导致给大家测试一下就攻破了你的数据库了下面我来...
- 2020-12-24 06:15weixin_39709194的博客 本文实例讲述了php表单敏感字符过滤类及其用法。分享给大家供大家参考。具体分析如下:/*** 表单生成验证文件*/$_form = new formHtmlFind();class formHtmlFind{/*** 输出表单函数* $formKey 表单键* $infoArray ...
- 2021-08-19 11:53Yn8rt的博客 2021-5-23 [BUUCTF 2018]Online Tool 题目: <?php if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; } if(!isset($_GET['host'])) { ...
- 2021-04-16 14:08百悦宠物的博客 实验吧 writeup打算把实验吧所有的web题做一遍花了一个礼拜多的时间吧有些也看了wp不得不说收获挺大WEB简单的登录题F12看下网络里面里面的请求头中有一个tips:test.php里面有源码define("SECRET_KEY", '***********'...
- 没有解决我的问题, 去提问
