1. Problem analysis
Press F12 to view the page source:
<meta charset="utf-8"><!--Ah,really important,seriously. -->
The comment hints that the UTF-8 encoding matters.
The challenge mentions Python and Unicode, so the bug to exploit is a Unicode security issue, specifically one about Unicode equivalence: different characters (or encodings) being treated as the same value.
POSTing id=4&price=1337 returns the message Only one char(?) allowed!
Only a single character is accepted, and that one character has to be enough to buy item id 4, so we need a single character whose numeric value is greater than 1337. The front-end HTML is UTF-8 while the Python back end works on Unicode code points; the mismatch between the two encodings is what creates the transcoding security issue.
2. Solution
Search the Unicode database at https://www.compart.com/en/unicode/ for a numeric character whose value is greater than 1337:
Unicode Character “፼” (U+137C)
Name: Ethiopic Number Ten Thousand
Numeric Value: 10000
Unicode Version: 3.0 (September 1999)
Block: Ethiopic, U+1200 - U+137F
Plane: Basic Multilingual Plane, U+0000 - U+FFFF
Script: Ethiopic (Ethi)
Category: Other Number (No)
Bidirectional Class: Left To Right (L)
Combining Class: Not Reordered (0)
Character is Mirrored: No
HTML Entity:
UTF-8 Encoding: 0xE1 0x8D 0xBC
UTF-16 Encoding: 0x137C
UTF-32 Encoding: 0x0000137C
The two fields that matter here:
Numeric Value: 10000
UTF-8 Encoding: 0xE1 0x8D 0xBC
Replace each 0x with %, giving %E1%8D%BC; submitting that as the price buys the flag.
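To make the bug concrete, here is an added Python example (not the challenge's real back-end code) that models the behaviour the writeup infers: a lenient parser that accepts any single Unicode character and takes its Unicode numeric value, next to a hardened parser that only accepts ASCII decimal digits. The FLAG_PRICE constant and both parser functions are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import unquote

FLAG_PRICE = 1337  # price of item id 4 as stated in the challenge


def lenient_parse(price: str) -> float:
    """Assumed back-end behaviour: one character is allowed, and its value is
    taken from the Unicode numeric property. Letters and symbols raise ValueError,
    but 'Other Number' (No) characters such as U+137C are accepted and yield 10000."""
    if len(price) != 1:
        raise ValueError("Only one char(?) allowed!")
    return unicodedata.numeric(price)


def strict_parse(price: str) -> int:
    """Hardened parser: restrict the input to ASCII digits before int(), so the
    character count and the numeric value can no longer diverge."""
    if not (price.isascii() and price.isdigit()):
        raise ValueError("price must be ASCII decimal digits")
    return int(price)


def can_buy(parse, raw_price: str) -> bool:
    """Decode the percent-encoded form field (UTF-8, as the page declares) and
    compare the parsed price against the flag price; parse errors mean no purchase."""
    price = unquote(raw_price)
    try:
        return parse(price) >= FLAG_PRICE
    except ValueError:
        return False


def describe(ch: str) -> dict:
    """Return the Unicode properties that explain why a single character can be
    worth 10000: its name, general category, numeric value and UTF-8 bytes."""
    return {
        "name": unicodedata.name(ch),
        "category": unicodedata.category(ch),
        "numeric": unicodedata.numeric(ch, None),
        "utf8": ch.encode("utf-8").hex(" "),
    }


if __name__ == "__main__":
    print(describe("\u137c"))
    print("lenient:", can_buy(lenient_parse, "%E1%8D%BC"))
    print("strict:", can_buy(strict_parse, "%E1%8D%BC"))
```

The lenient parser lets one percent-encoded character clear the 1337 threshold, while the strict parser rejects it because U+137C is neither ASCII nor a decimal digit.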