bugku 2320 Ketchup writeup

After starting the challenge environment, open the URL.

Nothing useful turns up there.

Check robots.txt.

View the page source and guess that a .bak file exists.

Request reborn.php.bak to obtain the source code:

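<?php
// The answer arrives in the POST parameter "ketchup".
if (isset($_POST['ketchup'])) {
  // htmlspecialchars() only encodes & < > and quotes; the expected string contains none of them.
  $ketchup = htmlspecialchars($_POST['ketchup']);
  // The expected answer is hard-coded, so anyone who can read this file knows it.
  if (strcmp($ketchup, 'no ketchup, raw sauce -- too many calories, not good') == 0) {
    echo '<h1>You got it. But nothing to see here for now.</h1>';
  } else {
    echo 'Wrong answer. Go away.';
  }
} else {
  echo 'You forgot to give an answer. Go back.';
}
?>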

Take the string that strcmp() compares against and submit it as the ketchup POST parameter to get the flag.
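The source leaked because reborn.php.bak no longer ends in .php, so the server returned it as static text. The following is an added example, not part of the original writeup: a Python audit that walks a web root on disk and lists backup copies of server-side scripts so they can be removed or blocked. The suffix list, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Suffixes editors and manual copies commonly leave behind (assumed list, extend as needed).
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", "~")
# Extensions the web server executes instead of serving as text (assumed).
SCRIPT_EXTS = (".php", ".phtml")


def find_source_backups(webroot):
    """Return sorted relative paths of backup copies of server-side scripts.

    A file such as reborn.php.bak no longer ends in .php, so the server
    returns it as static text and discloses the script's source.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            stem = None
            for suffix in BACKUP_SUFFIXES:
                if name.endswith(suffix) and len(name) > len(suffix):
                    stem = name[: -len(suffix)]
                    break
            if stem is None:
                continue
            # vim swap files look like ".reborn.php.swp"
            stem = stem.lstrip(".")
            if stem.lower().endswith(SCRIPT_EXTS):
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_webroot():
    """Constructed sample tree mirroring the challenge layout."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "img"))
    for rel in ("index.html", "robots.txt", "reborn.php", "reborn.php.bak",
                "img/logo.png.bak", ".login.php.swp"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    for path in find_source_backups(build_sample_webroot()):
        print("remove or block:", path)
```

Backups of non-script files (img/logo.png.bak in the sample) are deliberately not reported, since they do not disclose server-side source.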