BUUCTF, web: [Geek Challenge 2019] BuyFlag
2022-07-03 22:08:00 【Part 02】


attention
If you want to buy the FLAG:
You must be a student from CUIT!!!
You must be answer the correct password!!!
Only Cuit's students can buy the FLAG
Three hints: buying takes money=100000000, you must be a CUIT student, and you need the correct password.
Source code

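~~~post money and password~~~
if (isset($_POST['password']))
{
    $password = $_POST['password'];
    // Purely numeric strings such as "404" are rejected here
    if (is_numeric($password))
    {
        echo "password can't be number</br>";
    }
    // Loose (==) comparison against an integer
    elseif ($password == 404)
    {
        echo "Password Right!</br>";
    }
}

Weak (loose) comparison: is_numeric() rejects 404 itself, but == casts the string to a number before comparing, so this passes:
password=404a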
This is the code
Capturing the request and sending the POST still gets no response. The second hint is still unused: the student condition can only correspond to the user value in the cookie.

Change it to 1.

Two of the three conditions are now met; the money parameter is too long.
Using scientific notation gets the flag; the operation is not shown.

flag{baf3e10e-319b-4315-a300-09be81b69856}
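
The password check above next to a stricter form, as an added example that is not the challenge's own code. The helper names strict_check and parse_amount, the expected value '404' held as a string, and the sample inputs are assumptions made for illustration; the page does not show the server's money check, so parse_amount only illustrates strict parsing of such a field.

```php
<?php
// Added example (not the challenge's code). Helper names are hypothetical.

// The check shown on the page, wrapped in a function: is_numeric() gate, then loose ==.
function page_check(string $password): bool
{
    if (is_numeric($password)) {
        return false;               // "404", "404.0" and "4.04e2" are rejected here
    }
    // PHP 7 and earlier cast "404a" to int 404 for this comparison, so it passes.
    // PHP 8 compares a non-numeric string with an int as strings, so it fails.
    return $password == 404;
}

// Hardened form: the expected value is a string, compared byte for byte
// in constant time, with no type juggling.
function strict_check(string $password, string $expected = '404'): bool
{
    return hash_equals($expected, $password);
}

// Hardened parsing for a numeric field such as money: only plain decimal
// integers are accepted, so "1e9" and "404a" both yield null.
function parse_amount(string $raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? null : $n;
}

// Constructed sample inputs for the password check.
foreach (['404', '404a', '404.0', '4.04e2', 'abc'] as $s) {
    printf("%-7s page_check=%-5s strict_check=%s\n", $s,
        var_export(page_check($s), true), var_export(strict_check($s), true));
}

// Constructed sample inputs for the numeric field.
foreach (['100000000', '1e9', '404a', '-5'] as $s) {
    printf("%-10s parse_amount=%s\n", $s, var_export(parse_amount($s), true));
}
```

Running it under PHP 7 and PHP 8 shows the page_check result for 404a differ between the two, while strict_check and parse_amount behave the same on both.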