当前位置:网站首页>[极客大挑战 2019]Havefun1
[极客大挑战 2019]Havefun1
2022-04-23 06:32:00 【隔壁Cc】
题目靶机链接
http://60076ab2-e535-445f-ac1b-6ea24e101699.node4.buuoj.cn:81
首先点击靶机 进去发现是一个猫咪(晃动尾巴发现还能动,目测像只乖巧的狗狗尾巴一摇一摇的,好了这不重要)
其次点击F12打开开发者模式发现有一串PHP代码,代码的意思为:以GET的方式传入cat,直接输出cat值,如果cat的值=dog 则输出 'Syc{cat_cat_cat_cat}'。
<!--
$cat=$_GET['cat'];
echo $cat;
if($cat=='dog'){
echo 'Syc{cat_cat_cat_cat}';
}
-->
代码意思理解清楚了就方便做题了,试一下输入 ?cat=dog flag就出来了
结束
版权声明
本文为[隔壁Cc]所创,转载请带上原文链接,感谢
https://blog.csdn.net/WINDY_PACE/article/details/121686876
边栏推荐
猜你喜欢
Houdini>刚体, 刚体破碎RBD
【编程实践/嵌入式比赛】嵌入式比赛学习记录(一):TCP服务器和web界面的建立
Internal network security attack and defense: a practical guide to penetration testing (8): Authority maintenance analysis and defense
Feign源码分析
Research on software security based on NLP (2)
数据库之MySQL——基础篇
內網滲透系列:內網隧道之icmpsh
《内网安全攻防:渗透测试实战指南》读书笔记(八):权限维持分析及防御
ABAP ALV显示金额与导出金额不一致
Dvwa 靶场练习记录
随机推荐
国基北盛-openstack-容器云-环境搭建
MYSQL——第一章节(数据类型2)
Houdini > variable building roads, learning process notes
What's new in. Net 5 NET 5
庄懂的TA笔记(零)<铺垫与学习方法>
Attack and defense world misc questions 1-50
SAP GUI安全性
Intranet penetration series: dnscat2 of Intranet tunnel
TA notes of Zhuang understand (zero) < bedding and learning methods >
Intranet penetration series: icmptunnel of Intranet tunnel (by master dhavalkapil)
Research on system and software security (2)
Buuctf misc brush questions
Unity C single case mode learning review notes
Sto with billing cross company inventory dump return
Série de pénétration Intranet: icmpsh du tunnel Intranet
Three minutes to teach you to use Houdini fluid > > to solve particle fluid droplets
linux下mysql数据库备份与恢复(全量+增量)
C problem of marking the position of polygons surrounded by multiple rectangles
攻防世界MISC刷题1-50
【问题解决】VS2019解决编译生成的exe文件打不开的情况