当前位置:网站首页>Buuctf, web:[geek challenge 2019] buyflag
Buuctf, web:[geek challenge 2019] buyflag
2022-07-03 22:08:00 【Part 02】
attention
If you want to buy the FLAG:
You must be a student from CUIT!!!
You must be answer the correct password!!!Only Cuit's students can buy the FLAG
Three tips , buy , use money=100000000, It's a CUIT Of the students , Correct password
Source code
~~~post money and password~~~
if (isset($_POST['password']))
{
$password = $_POST['password'];
if (is_numeric($password))
{
echo "password can't be number</br>";
}
elseif ($password == 404)
{
echo "Password Right!</br>";
}
}Weak comparison
password=404a
This is the code
Grab the bag post Still no response , The second tip is useless , Students can only correspond to cookie Of user
Change it to 1
Three conditions meet two ,money The parameter is too long
Use scientific counting method to get flag, Operation not available
flag{baf3e10e-319b-4315-a300-09be81b69856}
边栏推荐
- LeetCode 1646. Get the maximum value in the generated array
- China HDI market production and marketing demand and investment forecast analysis report Ⓢ 2022 ~ 2028
- Is it safe and reliable to open an account and register for stock speculation? Is there any risk?
- Plug - in Oil Monkey
- Farmersworld farmers world, no faith, how to talk about success?
- 股票炒股开户注册安全靠谱吗?有没有风险的?
- JS Demo calcule combien de jours il reste de l'année
- Report on the development status and investment planning trends of China's data center industry Ⓡ 2022 ~ 2028
- Base ring tree Cartesian tree
- Covariance
猜你喜欢
gslb(global server load balance)技術的一點理解
UC Berkeley proposes a multitask framework slip
Exclusive interview with the person in charge of openkruise: to what extent has cloud native application automation developed now?
Décompiler et modifier un exe ou une DLL non source en utilisant dnspy
![[dynamic programming] Ji Suan Ke: Suan tou Jun breaks through the barrier (variant of the longest increasing subsequence)](/img/6c/2d48d441fee1981a271319fd9f6c23.jpg)
[dynamic programming] Ji Suan Ke: Suan tou Jun breaks through the barrier (variant of the longest increasing subsequence)
Minio deployment
Compréhension de la technologie gslb (Global Server load balance)
使用dnSpy對無源碼EXE或DLL進行反編譯並且修改
MySQL——JDBC
Après 90 ans, j'ai démissionné pour démarrer une entreprise et j'ai dit que j'allais détruire la base de données Cloud.
随机推荐
Mindmanager2022 serial number key decompression installer tutorial
js demo 计算本年度还剩下多少天
Correlation
Team collaborative combat penetration tool CS artifact cobalt strike
Code in keil5 -- use the code formatting tool astyle (plug-in)
Après 90 ans, j'ai démissionné pour démarrer une entreprise et j'ai dit que j'allais détruire la base de données Cloud.
Is the account opening of Guotai Junan Securities safe and reliable? How to open Guotai Junan Securities Account
[sg function]split game (2020 Jiangxi university student programming competition)
Investment analysis and prospect trend prediction report of China's boron nitride industry Ⓨ 2022 ~ 2028
Yyds dry inventory Chapter 4 of getting started with MySQL: data types that can be stored in the data table
Let me ask you a question. Have you ever used the asynchronous io of Flink SQL to associate dimension tables in MySQL? I set various settings according to the official website
Station B, dark horse programmer, employee management system, access conflict related (there is an unhandled exception at 0x00007ff633a4c54d (in employee management system.Exe): 0xc0000005: read locat
Data consistency between redis and database
90 後,辭職創業,說要卷死雲數據庫
DR-AP40X9-A-Qualcomm-IPQ-4019-IPQ-4029-5G-4G-LTE-aluminum-body-dual-band-wifi-router-2.4GHZ-5GHz-QSD
MySQL - idea connects to MySQL
UC Berkeley proposes a multitask framework slip
Rest参考
Covariance
(POJ - 2912) rochambau (weighted concurrent search + enumeration)