文章目錄

#古典密码知识
参考资料《图解密码学》

凯撒密码:csesar cipher

#经典案例值ESPCMS

ESPCMS最新 V5.8.14.03.03 UTF8 正式版暴力注入
EspCMS最新版可伪造任意帐户登陆(简单利用代码)

旧版本加解密函数如下:

function eccode($string, $operation = 'DECODE', $key = '@LFK24s224%@safS3s%1f%', $mcrype = true) {

    $result = null;

    if ($operation == 'ENCODE') {

        for ($i = 0; $i < strlen($string); $i++) {

            $char = substr($string, $i, 1);

            $keychar = substr($key, ($i % strlen($key)) - 1, 1);

            $char = chr(ord($char) + ord($keychar)); //看到这应该懂了

            $result.=$char;

        }

        $result = base64_encode($result);

        $result = str_replace(array('+', '/', '='), array('-', '_', ''), $result);

    } elseif ($operation == 'DECODE') {

        $data = str_replace(array('-', '_'), array('+', '/'), $string);

        $mod4 = strlen($data) % 4;

        if ($mod4) {

            $data .= substr('====', $mod4);

        }

        $string = base64_decode($data);

        for ($i = 0; $i < strlen($string); $i++) {

            $char = substr($string, $i, 1);

            $keychar = substr($key, ($i % strlen($key)) - 1, 1);

            $char = chr(ord($char) - ord($keychar));

            $result.=$char;

        }

    }

    return $result;

}
文章目錄