CTF practice lab write-up: "Looks like it's a bit difficult" --- WEB ---

Challenge: "Looks like it's a bit difficult" (web category)
 
flag value: SimCTF {daima_shengji}
 
Problem-solving steps:
1. Open the challenge page and read the question.
2. The challenge asks us to examine the target, so click the challenge link and view the content.
3. The page hints that this is a PHP code audit. Below the hint is an error message saying that your IP is not within the access list, along with a "View the source code" option. Click it to display the PHP code in the browser.
4. The upper part of the code has no problem, so look at the bottom half: if ($GetIPs == "1.1.1.1"). The code that follows decides the outcome based on this check. To get the flag value, the IP must be "1.1.1.1"; otherwise the page prints the error that your IP is not within the access list. If we can find a way to force the IP to be 1.1.1.1, we may be able to get the result. Here we choose Burp as the capture tool for modifying the request.
5. Capture the request in Burp. Nothing strange shows up in the capture view, so send the request to Repeater for further observation.
6. Looking over the request and the response reveals no obvious breakthrough, but as noted above, getting the flag value requires forcing the IP address. So add the following header anywhere in the request on the left: X-Forwarded-For: 1.1.1.1, then click Go and look at the response on the right.
Note: X-Forwarded-For is an HTTP request header field that was originally used to identify the IP address of a client connecting to a web server through an HTTP proxy or a load balancer.
7. The response on the right contains a line that looks like the flag value. Copy it and submit it.
8. The submission succeeds and the challenge is solved.
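Why the check in step 4 can be satisfied from any client, and how the IP lookup should be written instead, shown as an added example that is not the challenge's own source. Only $GetIPs and the "1.1.1.1" comparison come from the write-up; the function names, the proxy list and the sample addresses are assumptions.

```php
<?php
// Added example: hypothetical reconstruction, not the challenge's source.
// Only $GetIPs and the "1.1.1.1" comparison appear in the write-up.

// Weak: believes the client-controlled X-Forwarded-For header.
function client_ip_weak(array $server): string {
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

// Hardened: start from the TCP peer address; consult X-Forwarded-For only
// when the peer is a known reverse proxy, walking right to left and
// stopping at the first hop that is not one of our proxies.
function client_ip_hardened(array $server, array $trustedProxies): string {
    $ip = $server['REMOTE_ADDR'];
    if (!in_array($ip, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $ip;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: keep the last address we could verify
        }
        $ip = $hop;
        if (!in_array($hop, $trustedProxies, true)) {
            break; // first untrusted hop is the real client
        }
    }
    return $ip;
}

// Constructed requests (documentation addresses, not from the page).
$direct = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '1.1.1.1'];
$viaProxy = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '1.1.1.1, 203.0.113.7'];
$proxies = ['10.0.0.5']; // assumed reverse proxy address

foreach (['direct' => $direct, 'via proxy' => $viaProxy] as $name => $req) {
    $GetIPs = client_ip_weak($req);
    $safe = client_ip_hardened($req, $proxies);
    printf("%-9s weak=%s (%s) hardened=%s (%s)\n", $name,
        $GetIPs, $GetIPs == "1.1.1.1" ? "allowed" : "denied",
        $safe, $safe == "1.1.1.1" ? "allowed" : "denied");
}
```

Even the hardened lookup only makes the address trustworthy as a network fact; an IP comparison should not be the sole control guarding a secret.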
 


Origin www.cnblogs.com/redHskb/p/11461554.html