当前位置:网站首页>Buuctf, web:[geek challenge 2019] buyflag
Buuctf, web:[geek challenge 2019] buyflag
2022-07-03 22:08:00 【Part 02】
attention
If you want to buy the FLAG:
You must be a student from CUIT!!!
You must be answer the correct password!!!Only Cuit's students can buy the FLAG
Three tips , buy , use money=100000000, It's a CUIT Of the students , Correct password
Source code
~~~post money and password~~~
if (isset($_POST['password']))
{
$password = $_POST['password'];
if (is_numeric($password))
{
echo "password can't be number</br>";
}
elseif ($password == 404)
{
echo "Password Right!</br>";
}
}Weak comparison
password=404a
This is the code
Grab the bag post Still no response , The second tip is useless , Students can only correspond to cookie Of user
Change it to 1
Three conditions meet two ,money The parameter is too long
Use scientific counting method to get flag, Operation not available
flag{baf3e10e-319b-4315-a300-09be81b69856}
边栏推荐
- Implementation principle of inheritance, encapsulation and polymorphism
- Bluebridge cup Guoxin Changtian single chip microcomputer -- detailed explanation of schematic diagram (IV)
- Supply and demand situation and market scale calculation report of China's portable energy storage power PES industry Ⓛ 2022 ~ 2028
- Data consistency between redis and database
- Why use pycharm to run the use case successfully but cannot exit?
- [sg function] 2021 Niuke winter vacation training camp 6 h. winter messenger 2
- (5) User login - services and processes - History Du touch date stat CP
- Report on the development status and investment planning trends of China's data center industry Ⓡ 2022 ~ 2028
- WiFi 2.4g/5g/6g channel distribution
- 内存分析器 (MAT)
猜你喜欢
The latest analysis of R1 quick opening pressure vessel operation in 2022 and the examination question bank of R1 quick opening pressure vessel operation
On my first day at work, this API timeout optimization put me down!
![[dynamic programming] Ji Suan Ke: Suan tou Jun breaks through the barrier (variant of the longest increasing subsequence)](/img/6c/2d48d441fee1981a271319fd9f6c23.jpg)
[dynamic programming] Ji Suan Ke: Suan tou Jun breaks through the barrier (variant of the longest increasing subsequence)
Pooling idea: string constant pool, thread pool, database connection pool
Data consistency between redis and database
UC Berkeley proposes a multitask framework slip
Bluebridge cup Guoxin Changtian single chip microcomputer -- detailed explanation of schematic diagram (IV)
What is the difference between res.send() and res.end() in the node express framework
Exclusive interview with the person in charge of openkruise: to what extent has cloud native application automation developed now?
Collection | pytoch common loss function disassembly
随机推荐
Report on the development status and investment planning trends of China's data center industry Ⓡ 2022 ~ 2028
Supply and demand situation and market scale calculation report of China's portable energy storage power PES industry Ⓛ 2022 ~ 2028
[SRS] build a specified version of SRS
Market layout planning and latest dynamic analysis report of China's smart public security industry Ⓕ 2022 ~ 2028
Data consistency between redis and database
内存分析器 (MAT)
Leetcode problem solving - 230 The k-th smallest element in the binary search tree
What indicators should be paid attention to in current limit monitoring?
使用dnSpy對無源碼EXE或DLL進行反編譯並且修改
[secretly kill little partner pytorch20 days] - [day3] - [example of text data modeling process]
Blue Bridge Cup Guoxin Changtian single chip microcomputer -- software environment (II)
Code in keil5 -- use the code formatting tool astyle (plug-in)
Cognitive fallacy: Wittgenstein's ruler
Redis concludes that the second pipeline publishes / subscribes to bloom filter redis as a database and caches RDB AOF redis configuration files
[sg function]split game (2020 Jiangxi university student programming competition)
Global and Chinese market of gallic acid 2022-2028: Research Report on technology, participants, trends, market size and share
常用sql集合
Base ring tree Cartesian tree
The latest analysis of crane driver (limited to bridge crane) in 2022 and the test questions and analysis of crane driver (limited to bridge crane)
Farmersworld farmers world, no faith, how to talk about success?