BUUCTF, web: [Geek Challenge 2019] BuyFlag
2022-07-03 22:08:00 【Part 02】


attention
If you want to buy the FLAG:
You must be a student from CUIT!!!
You must be answer the correct password!!!
Only Cuit's students can buy the FLAG
There are three conditions for buying the flag: money=100000000, being a CUIT student, and the correct password.
Source code

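```php
// ~~~post money and password~~~
if (isset($_POST['password']))
{
    $password = $_POST['password'];
    // Numeric strings are rejected first ...
    if (is_numeric($password))
    {
        echo "password can't be number</br>";
    }
    // ... then the value is compared loosely (==) with the integer 404.
    elseif ($password == 404)
    {
        echo "Password Right!</br>";
    }
}
```

Weak comparison: `is_numeric("404a")` is false, so the first branch is skipped, while the loose comparison `"404a" == 404` converts the string to the number 404 and succeeds.
password=404a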
This is the code
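The check above next to a strict variant, as an added example that is not part of the original write-up or the challenge code. The function names `weak_check` and `strict_check`, the sample inputs, and the assumption that the intended secret is exactly the string `404` are all constructed for illustration.

```php
<?php
// Added example: names and sample inputs below are constructed, not from the challenge.

// Same logic as the source shown on the page:
// reject numeric strings, then compare loosely with the integer 404.
function weak_check($password): string
{
    if (is_numeric($password)) {
        return "rejected (numeric)";
    }
    if ($password == 404) {   // loose comparison: PHP type juggling applies
        return "accepted";
    }
    return "rejected (mismatch)";
}

// Hardened variant (assumption: the secret is the exact string "404"):
// require a string, then compare byte for byte with no type conversion.
function strict_check($password): string
{
    if (!is_string($password)) {
        return "rejected (not a string)";   // e.g. password[]=404 arrives as an array
    }
    return hash_equals('404', $password) ? "accepted" : "rejected (mismatch)";
}

// Constructed inputs: exact value, trailing junk, trailing space,
// exponent form, and an array as PHP builds it from password[]=404.
$samples = ['404', '404a', '404 ', '4.04e2', ['404']];

printf("PHP %s\n", PHP_VERSION);
foreach ($samples as $s) {
    printf(
        "%-10s weak=%-20s strict=%s\n",
        json_encode($s),
        weak_check($s),
        strict_check($s)
    );
}
```

The result for `404a` depends on the interpreter: PHP 7 converts the string to 404 and the weak check accepts it, while PHP 8 changed string-to-number comparison so the same input no longer matches. The strict variant behaves the same on both.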
Capturing the request and sending the POST still gets no response; the second hint has not been used yet. The student condition can only correspond to the user cookie.

Change it to 1.

Two of the three conditions are now met, but the money parameter is too long.
Use scientific notation to get the flag. Operation not available

flag{baf3e10e-319b-4315-a300-09be81b69856}