1、Cosmos 的博客

HGAME 2020 week1 web-LMLPHP
HGAME 2020 week1 web-LMLPHP
知识点:git source code leak

2、接 头 霸 王

HGAME 2020 week1 web-LMLPHP
Description
HGAME Re:Dive 开服啦~
打开题目,提示了“头”和一个网址,“头”就是burpsuite的http Header了
1、用burpsuite抓包,添加Referer:https://vidar.club/
HGAME 2020 week1 web-LMLPHP
2、又要求本地访问,然后加上X-Forwarded-For:127.0.0.1,伪造ip
HGAME 2020 week1 web-LMLPHP
3、要求用Cosmos的浏览器访问,修改User-Agent:加上Cosmos
HGAME 2020 week1 web-LMLPHP
4、GET改为POST
HGAME 2020 week1 web-LMLPHP
5、纳尼,flag将在2077年后更新,但response头中看到有Last-Modified(最后修改时间)这一属性HGAME 2020 week1 web-LMLPHP
而requests头中和它对应的就是If-Unmodified-Since,遂添加
HGAME 2020 week1 web-LMLPHP

3、Code World

1、显示403,用burpsuite转包看看
HGAME 2020 week1 web-LMLPHP
2、发现是302跳到这个页面,那就访问index.php
HGAME 2020 week1 web-LMLPHP
3、发现存在405,改为POST请求
HGAME 2020 week1 web-LMLPHP
4、提示url传参,直接传参:/?a=1+9
HGAME 2020 week1 web-LMLPHP
果然,题目要求url传值,但加号在url中会被解析为空格
加号urlendecode后为%2b
5、最终,传参:/?a=1%2b9
HGAME 2020 week1 web-LMLPHP
知识点:url编码

4、

05-16 01:39