当前位置:网站首页>Buuctf, web:[geek challenge 2019] buyflag
Buuctf, web:[geek challenge 2019] buyflag
2022-07-03 22:08:00 【Part 02】
attention
If you want to buy the FLAG:
You must be a student from CUIT!!!
You must be answer the correct password!!!Only Cuit's students can buy the FLAG
Three tips , buy , use money=100000000, It's a CUIT Of the students , Correct password
Source code
~~~post money and password~~~
if (isset($_POST['password']))
{
$password = $_POST['password'];
if (is_numeric($password))
{
echo "password can't be number</br>";
}
elseif ($password == 404)
{
echo "Password Right!</br>";
}
}Weak comparison
password=404a
This is the code
Grab the bag post Still no response , The second tip is useless , Students can only correspond to cookie Of user
Change it to 1
Three conditions meet two ,money The parameter is too long
Use scientific counting method to get flag, Operation not available
flag{baf3e10e-319b-4315-a300-09be81b69856}
边栏推荐
- What is the difference between res.send() and res.end() in the node express framework
- Functions and differences between static and Const
- DR-NAS26-Qualcomm-Atheros-AR9582-2T-2R-MIMO-802.11-N-5GHz-high-power-Mini-PCIe-Wi-Fi-Module
- Tidb's initial experience of ticdc6.0
- gslb(global server load balance)技術的一點理解
- Yyds dry inventory Chapter 4 of getting started with MySQL: data types that can be stored in the data table
- Leetcode problem solving - 235 Nearest common ancestor of binary search tree
- Market layout planning and latest dynamic analysis report of China's smart public security industry Ⓕ 2022 ~ 2028
- js demo 計算本年度還剩下多少天
- Team collaborative combat penetration tool CS artifact cobalt strike
猜你喜欢
Data consistency between redis and database
Mysql database - Advanced SQL statement (I)
Après 90 ans, j'ai démissionné pour démarrer une entreprise et j'ai dit que j'allais détruire la base de données Cloud.
treevalue——Master Nested Data Like Tensor
6.0 kernel driver character driver
常用sql集合
Minio deployment
Data consistency between redis and database
Preliminary analysis of smart microwave radar module
Implementation principle of inheritance, encapsulation and polymorphism
随机推荐
常用sql集合
Blue Bridge Cup Guoxin Changtian single chip microcomputer -- software environment (II)
Collections SQL communes
鹏城杯 WEB_WP
2022 electrician (elementary) examination questions and electrician (elementary) registration examination
Correlation
Leetcode problem solving - 230 The k-th smallest element in the binary search tree
JS Demo calcule combien de jours il reste de l'année
China's coal industry investment strategic planning future production and marketing demand forecast report Ⓘ 2022 ~ 2028
The 14th five year plan for the construction of Chinese Enterprise Universities and the feasibility study report on investment Ⓓ 2022 ~ 2028
Investment planning analysis and prospect prediction report of China's satellite application industry during the 14th five year plan Ⓑ 2022 ~ 2028
Sed、Awk
Farmersworld farmers world, no faith, how to talk about success?
Uboot migration
What is the content of the securities practice examination?
Report on the development strategy of China's engineering bidding agency and suggestions for the 14th five year plan Ⓙ 2022 ~ 2028
2022 G3 boiler water treatment registration examination and G3 boiler water treatment examination papers
Conditional statements of shell programming
Common SQL sets
2022 safety officer-b certificate examination summary and safety officer-b certificate simulation test questions