当前位置:网站首页>BugkuCTF-web21(详细解题思路及步骤)
BugkuCTF-web21(详细解题思路及步骤)
2022-07-02 06:34:00 【hangshao0.0】
审题
题目并没有什么信息,只是鼓励你不要放弃,never give up。
F12获取信息
没有额外信息,刷新了几下,也没有出现新东西。
Burp suite抓包
提示了 1p.html ,于是把GET参数改为 1p.html ,得到一串JS代码
解码
于是,在线解码
解码后仍然存在注释内容,尝试用base64解码
解码之后,发现了新信息,出现了一些函数和判断语句,同时还有许多百分号
可以看出,还需要URL解码
分析PHP代码
得到PHP代码如下,总会有些函数是你不了解的,直接查一下就知道了
";if(!$_GET['id']) { header('Location: hello.php?id=1'); exit(); } $id=$_GET['id']; $a=$_GET['a']; $b=$_GET['b']; if(stripos($a,'.')) { echo 'no no no no no no no'; return ; } $data = @file_get_contents($a,'r'); if($data=="bugku is a nice plateform!" and $id==0 and strlen($b)>5 and eregi("111".substr($b,0,1),"1114") and substr($b,0,1)!=4) { $flag = "flag{
***********}" } else { print "never never never give up !!!";
}
?>
构造payload
参数为: /hello.php?id=0e&a=php://input&b=.123542
变量a,文件上传
变量b,首字母是一个点,不等于4,”111“和一个点拼接,可以与”1114“正则匹配
本来没打算写,后来又觉得这个题出得还是很好的,所以就写了一下,有帮助的话,欢迎点赞评论收藏。
边栏推荐
- C语言之做木桶
- MySQL事务
- 每天睡前30分钟阅读Day5_Map中全部Key值,全部Value值获取方式
- Double non undergraduate students enter the factory, while I am still quietly climbing trees at the bottom (Part 1)
- 别找了,Chrome浏览器必装插件都在这了
- Mathematics in machine learning -- point estimation (I): basic knowledge
- 分布式锁的这三种实现方式,如何在效率和正确性之间选择?
- ClassFile - Attributes - Code
- VIM操作命令大全
- Knife4j 2.X版本文件上传无选择文件控件问题解决
猜你喜欢
攻防世界-Web进阶区-unserialize3
十年開發經驗的程序員告訴你,你還缺少哪些核心競爭力?
Mysql 多列IN操作
Matplotlib swordsman line - first acquaintance with Matplotlib
Taking the upgrade of ByteDance internal data catalog architecture as an example, talk about the performance optimization of business system
Navicat 远程连接Mysql报错1045 - Access denied for user ‘root‘@‘222.173.220.236‘ (using password: YES)
Chrome浏览器标签管理插件–OneTab
自定义Redis连接池
"Redis source code series" learning and thinking about source code reading
Typeerror: X () got multiple values for argument 'y‘
随机推荐
Who is better for Beijing software development? How to find someone to develop system software
Chrome浏览器插件-Fatkun安装和介绍
From concept to method, the statistical learning method -- Chapter 3, k-nearest neighbor method
Amq6126 problem solving ideas
洞见云原生|微服务及微服务架构浅析
自定義Redis連接池
Chrome用户脚本管理器-Tampermonkey 油猴
Long summary (code with comments) number structure (C language) -- Chapter 4, string (Part 1)
每天睡觉前30分钟阅读_day3_Files
How to use PHP spoole to implement millisecond scheduled tasks
互联网API接口幂等设计
长篇总结(代码有注释)数构(C语言)——第四章、串(上)
Thinkphp5 how to determine whether a table exists
"Interview high frequency question" is 1.5/5 difficult, and the classic "prefix and + dichotomy" application question
记录下对游戏主机配置的个人理解与心得
Difference between redis serialization genericjackson2jsonredisserializer and jackson2jsonredisserializer
Flink - use the streaming batch API to count the number of words
Redis installation and deployment (windows/linux)
MySQL事务
What is the function of laravel facade