当前位置:网站首页>Buuctf, web:[geek challenge 2019] buyflag
Buuctf, web:[geek challenge 2019] buyflag
2022-07-03 22:08:00 【Part 02】
attention
If you want to buy the FLAG:
You must be a student from CUIT!!!
You must be answer the correct password!!!Only Cuit's students can buy the FLAG
Three tips , buy , use money=100000000, It's a CUIT Of the students , Correct password
Source code
~~~post money and password~~~
if (isset($_POST['password']))
{
$password = $_POST['password'];
if (is_numeric($password))
{
echo "password can't be number</br>";
}
elseif ($password == 404)
{
echo "Password Right!</br>";
}
}Weak comparison
password=404a
This is the code
Grab the bag post Still no response , The second tip is useless , Students can only correspond to cookie Of user
Change it to 1
Three conditions meet two ,money The parameter is too long
Use scientific counting method to get flag, Operation not available
flag{baf3e10e-319b-4315-a300-09be81b69856}
边栏推荐
- Base ring tree Cartesian tree
- What if the Flink SQL client exits and the table is emptied?
- js demo 計算本年度還剩下多少天
- 常用sql集合
- Collection | pytoch common loss function disassembly
- Redis concludes that the second pipeline publishes / subscribes to bloom filter redis as a database and caches RDB AOF redis configuration files
- (POJ - 2912) rochambau (weighted concurrent search + enumeration)
- Bluebridge cup Guoxin Changtian single chip microcomputer -- detailed explanation of schematic diagram (IV)
- Redis single thread and multi thread
- Report on the development strategy of China's engineering bidding agency and suggestions for the 14th five year plan Ⓙ 2022 ~ 2028
猜你喜欢
![[dynamic planning] counting garlic customers: the log of garlic King (the longest increasing public subsequence)](/img/29/543dce2f24130d22c1824385fbfa8f.jpg)
[dynamic planning] counting garlic customers: the log of garlic King (the longest increasing public subsequence)
JS closure knowledge points essence
Data consistency between redis and database
Implementation principle of inheritance, encapsulation and polymorphism
The latest analysis of crane driver (limited to bridge crane) in 2022 and the test questions and analysis of crane driver (limited to bridge crane)
What is the difference between res.send() and res.end() in the node express framework
Yyds dry inventory hcie security Day12: concept of supplementary package filtering and security policy
使用dnSpy对无源码EXE或DLL进行反编译并且修改
How PHP gets all method names of objects
(5) User login - services and processes - History Du touch date stat CP
随机推荐
LeetCode 1646. Get the maximum value in the generated array
Supply and demand situation and market scale calculation report of China's portable energy storage power PES industry Ⓛ 2022 ~ 2028
常用sql集合
Common SQL sets
Farmersworld farmers world, no faith, how to talk about success?
DR882-Qualcomm-Atheros-QCA9882-2T2R-MIMO-802.11ac-Mini-PCIe-Wi-Fi-Module-5G-high-power
Development mode and Prospect of China's IT training industry strategic planning trend report Ⓣ 2022 ~ 2028
WiFi 2.4g/5g/6g channel distribution
Blue Bridge Cup Guoxin Changtian MCU -- program download (III)
Luogu deep foundation part 1 Introduction to language Chapter 6 string and file operation
抓包整理外篇——————autoResponder、composer 、statistics [ 三]
treevalue——Master Nested Data Like Tensor
DR-NAS26-Qualcomm-Atheros-AR9582-2T-2R-MIMO-802.11-N-5GHz-high-power-Mini-PCIe-Wi-Fi-Module
Summary of basic knowledge of exception handling
The latest analysis of crane driver (limited to bridge crane) in 2022 and the test questions and analysis of crane driver (limited to bridge crane)
The White House held an open source security summit, attended by many technology giants
How to store null value on the disk of yyds dry inventory?
Rest参考
国泰君安证券开户是安全可靠的么?怎么开国泰君安证券账户
Oil monkey plug-in