picoCTF
Web Exploitation
Insp3ct0r
How do you inspect web code on a browser? There’s 3 parts
Press Ctrl+U to view the page source -> 1/3 of the flag: picoCTF{tru3_d3
View the source of mycss.css -> 2/3 of the flag: t3ct1ve_0r_ju5t
View the source of myjs.js -> 3/3 of the flag: _lucky?2e7b23e3}
where are the robots
What part of the website could tell you where the creator doesn’t want you to look?
The challenge mentions robots, so request /robots.txt
It returns:
User-agent: *
Disallow: /1bb4c.html
Request /1bb4c.html
to get the flag.
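The same robots.txt read from the site owner's side, as an added example that is not part of the original writeup: this JavaScript parses a robots.txt body and lists the concrete paths its Disallow rules reveal, so each one can be checked for real access control. The function names are hypothetical, and the sample input is the file shown above.

```javascript
// Added example: audit a robots.txt body for Disallow rules that disclose paths.
// SAMPLE_ROBOTS is the file shown in this writeup; function names are hypothetical.
const SAMPLE_ROBOTS = "User-agent: *\nDisallow: /1bb4c.html\n";

// Parse robots.txt into groups of { agents, disallow, allow }.
function parseRobots(text) {
  const groups = [];
  let current = null;
  let lastWasAgent = false;
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.replace(/#.*$/, "").trim(); // strip comments
    if (!line) continue;
    const idx = line.indexOf(":");
    if (idx === -1) continue; // not a "field: value" line
    const field = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (field === "user-agent") {
      // Consecutive User-agent lines share one group of rules.
      if (!current || !lastWasAgent) {
        current = { agents: [], disallow: [], allow: [] };
        groups.push(current);
      }
      current.agents.push(value);
      lastWasAgent = true;
    } else {
      lastWasAgent = false;
      if (!current) continue; // rule before any User-agent line: ignore
      if (field === "disallow" && value) current.disallow.push(value);
      else if (field === "allow" && value) current.allow.push(value);
    }
  }
  return groups;
}

// Return the unique Disallow paths that name a concrete file or directory.
// Whole-site ("/") and wildcard rules are skipped: they reveal no specific path.
function disclosedPaths(text) {
  const seen = new Set();
  for (const group of parseRobots(text)) {
    for (const path of group.disallow) {
      if (path === "/" || /[*$]/.test(path)) continue;
      seen.add(path);
    }
  }
  return [...seen];
}
```

Anything `disclosedPaths` returns is readable by every visitor, so those paths need authentication or removal rather than a Disallow line.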
dont-use-client-side
Never trust the client
View the source:
function verify() {
checkpass = docu