前言
这道题是我看了官方writeup才做出来的,最后是因为Nginx配置不当导致的漏洞,没错触及到了知识盲区,记录下来。
分析
点开题目链接,提示我必须登录。然后我习惯性的拿出burpsuite来抓包,发现Cookie字段中出现了可疑的login=0
,于是改为1发送过去,就好啦。
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Wed, 03 Jan 2018 05:06:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
content-text: text/html;charset=gbk
Content-Length: 1561
<html>
<head>
<title>Mini-Zone</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta charset="gbk" />
<link href="http://cdn.static.runoob.com/libs/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<div class="row clearfix">
<div class="col-md-12 column">
<nav class="navbar navbar-default" role="navigation">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="