web4
打开网页源码,发现如下代码:
<script>
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62';
var p2 = '%61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%35%34%61%61%32' + p2));
</script>url解码后:
var p1 = 'function checkSubmit(){var a=document.getElementById("password");if("undefined"!=typeof a){if("67d709b2b';
var p2 = 'aa648cf6e87a7114f1"==a.value)return!0;alert("Error");a.focus();return!1}}document.getElementById("levelQuest").onsubmit=checkSubmit;';
eval(unescape(p1) + unescape('54aa2' + p2));代码解析:
eval() 函数可计算某个字符串,并执行其中的的 JavaScript 代码。
unescape() 函数可对通过 escape() 编码的字符串进行解码。
escape() 函数可对字符串进行编码,这样就可以在所有的计算机上读取该字符串。
加号(+)拼接字符串,数字。
整理后代码如下:
function checkSubmit(){
var a=document.getElementById("password");
//获取ID名为password的文档元素,并赋给a
if("undefined"!=typeof a){
//判断a的类型是否undefined
if("67d709b2b54aa2aa648cf6e87a7114f1"==a.value)
//判断:a元素的value值是否为67d709b2b54aa2aa648cf6e87a7114f1
return!0;
alert("Error");
//弹框:Error
a.focus();
//获得焦点时,改变背景颜色
return!1
}
}
document.getElementById("levelQuest").onsubmit=checkSubmit;
//获取ID值为levelQuest的文档元素,点击submit时执行checksubmit函数
//onsubmit:再点击submit时发生,若返回真提交表单分析代码后,了解到表单的ID值为levelQuest,输入框的ID值为password,通过F12,修改网页元素为相应的值,在表单中提交67d709b2b54aa2aa648cf6e87a7114f1,拿到flag
p:考察Js,以及F12修改元素