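[Geek Challenge 2019] BuyFlag
Open the challenge page.
Click menu to reach the payflag page, then view the page source.
The source contains the following comment: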
<!--
~~~post money and password~~~
if (isset($_POST['password'])) {
    $password = $_POST['password'];
    if (is_numeric($password)) {
        echo "password can't be number</br>";
    } elseif ($password == 404) {
        echo "Password Right!</br>";
    }
}
-->
Capture the request with Burp Suite.
Change user to 1 and send password and money as POST parameters.
This returns the flag.
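
The check in the HTML comment compares the submitted string to the integer 404 with PHP's loose `==`. As an added example (not part of the challenge source or of this writeup), the script below runs that check next to a strict string comparison over a few constructed inputs, so the difference can be observed on whatever PHP version is installed. `EXPECTED_PASSWORD`, `loose_check()` and `strict_check()` are hypothetical names, and the secret value is an assumption.

```php
<?php
// Added example, not the challenge's code. All names below are hypothetical.

// Assumption: the intended secret is the literal string "404".
const EXPECTED_PASSWORD = '404';

// Same logic as the snippet in the page's HTML comment (loose == kept on purpose).
function loose_check($password): string
{
    if (is_numeric($password)) {
        return 'rejected (numeric)';
    } elseif ($password == 404) {
        // Loose comparison: PHP converts operand types before comparing,
        // and the conversion rules differ between PHP 7 and PHP 8.
        return 'accepted';
    }
    return 'rejected (no match)';
}

// Stricter variant: only strings are accepted and they are compared byte for
// byte, so no string-to-number conversion can take place.
function strict_check($password): string
{
    if (!is_string($password)) {
        // A parameter sent as password[]=... arrives as an array.
        return 'rejected (not a string)';
    }
    return hash_equals(EXPECTED_PASSWORD, $password)
        ? 'accepted'
        : 'rejected (no match)';
}

// Constructed sample inputs, including one non-string value.
$samples = ['404', '404abc', ' 404', 'abc', ['404']];

printf("PHP %s\n", PHP_VERSION);
foreach ($samples as $input) {
    printf(
        "%-10s loose: %-22s strict: %s\n",
        json_encode($input),
        loose_check($input),
        strict_check($input)
    );
}
```

Run it with `php` on the command line and compare the two columns. Any input the loose column accepts and the strict column rejects is a case for a regression test.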