Attack and Defense World PHP2 (web advanced)

Enterprise 2023-10-02 22:03:30 views: null

Test point: url encoding and decoding

Ideas:
1. Open the interface and find nothing.
2. Scan the background and find two pages: index.php index.php2
3. There is no content in index.php.
In index.phps, you see prompt
4. Read the code, which means that the value of the incoming parameter id cannot be "===" admin, but the decoded value of the url is "==" admin.
5. Because the browser will automatically decode the URL once, we need to encrypt it twice here.
admin --> %61dmin (a is encrypted).
%61dmin–>%2561dmin (% is encrypted)
6. Write the url and return the flag.

The flag is in index.php, not index.phps.

Insert image description here
Insert image description here
Insert image description here
Insert image description here

Guess you like

Origin blog.csdn.net/my_name_is_sy/article/details/125340083
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com