[极客大挑战 2019]BuyFlag

菜单打开*/pay.php*，发现重要提示信息

Flag need your 100000000 money

If you want to buy the FLAG:
	You must be a student from CUIT!!!
	You must be answer the correct password!!!

查看源代码发现注释的PHP代码段

// ~~~post money and password~~~
if (isset($_POST['password'])) {
	$password = $_POST['password'];
	if (is_numeric($password)) {
		echo "password can't be number</br>";
	}elseif ($password == 404) {
		echo "Password Right!</br>";
	}
}

发现存在cookie
把cookie的user值改为1就表示是CUIT的学生

Cookie: user=1

使用php弱类型判断password=404e绕过密码检测
使用科学计数法money=10000e39绕过金额长度限制

上一页[护网杯 2018]easy_tornado 下一页[极客大挑战 2019]BabySQL

最后更新于4年前