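Key points
HTTP request header forgery.
Write-up
The challenge environment opens on what looks like a login page. Logging in as admin triggers a pop-up and fails, but logging in with any other credentials succeeds. Capturing the traffic during login turns up <!-- L0g1n.php -->
From there it is a matter of forging various HTTP request headers.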
Sorry, this site will be available after totally 99 years!
For this one, append [] to the time parameter in the Cookie header:
Cookie: PHPSESSID=96usdssv1f1mb25egjtbbt1rm5; time[]=1605530953
Next is: Sorry, this site is only optimized for those who comes from localhost
Forge it with the client-ip header:
client-ip:127.0.0.1
Next is: Sorry, this site is only optimized for those who come from gem-love.com
Forge it with Referer:
Referer:gem-love.com
Then comes this one: Sorry, this site is only optimized for browsers that run on Commodo 64
This one is a real trap. It does not give the full name, so you have to look it up on Google. The full name turns out to be:
User-Agent: Commodore 64
Sorry, this site is only optimized for those whose email is root@gem-love.com
Forge this one with From:
From:root@gem-love.com
The last one is: Sorry, this site is only optimized for those who use the http proxy of y1ng.vip
if you dont have the proxy, pls contact us to buy, ¥100/Month
Forge it with Via:
Via:y1ng.vip
Finally, Base64-decode the string that comes back to get the flag.
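Why the localhost gate above falls to a single forged header, as an added example rather than the challenge's source (which the write-up does not show): a check that believes Client-IP beside one that uses the TCP peer address. The proxy address, function names and sample requests are assumptions made for the illustration; Referer, User-Agent, From and Via are client-supplied in the same way and cannot serve as access controls either.

```python
import ipaddress

# Assumption: the only reverse proxy in front of the app (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

def is_local_weak(headers, peer_addr):
    """Assumed shape of the challenge's check: believe the Client-IP header."""
    return headers.get("client-ip") == "127.0.0.1"

def client_address(headers, peer_addr):
    """Pick the address to base access decisions on.

    peer_addr is the TCP peer seen by the server socket, which a client
    cannot set with a header. X-Forwarded-For is read only when that peer
    is a trusted proxy (assumed to append the address it saw), walking
    right to left and stopping at the first hop that is not a proxy.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        return peer
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed or empty entry: fall back to the proxy itself
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer

def is_local_hardened(headers, peer_addr):
    """Local means the resolved client address is loopback, nothing else."""
    return client_address(headers, peer_addr).is_loopback

# Constructed sample requests: (lower-cased headers, TCP peer address).
FORGED = ({"client-ip": "127.0.0.1", "referer": "gem-love.com",
           "user-agent": "Commodore 64", "from": "root@gem-love.com",
           "via": "y1ng.vip"}, "203.0.113.7")
GENUINE_LOCAL = ({}, "127.0.0.1")
VIA_PROXY = ({"x-forwarded-for": "127.0.0.1, 203.0.113.7"}, "10.0.0.5")

if __name__ == "__main__":
    for name, (hdrs, peer) in [("forged", FORGED), ("local", GENUINE_LOCAL),
                               ("via proxy", VIA_PROXY)]:
        print(f"{name:10} weak={is_local_weak(hdrs, peer)} "
              f"hardened={is_local_hardened(hdrs, peer)}")
```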
Afterwards I looked at other people's write-ups; their summary table is quite good:
Header: request header parameters explained