0x01 Background
-
Topic Keywords
Cookie spoofing, authentication, forgery
-
Brief
To identify a user, some websites track the session and store data (usually encrypted) on the user's client machine, either temporarily or persistently. Put simply, the cookie is the credential, or "key", that the site uses to authenticate the user.
0x02 WriteUp
- Challenge
- Analysis
1. The challenge is about cookies, and the hint says that only admin can get the flag.
2. We use Burp Suite to capture the request. In the intercepted data the key item is the cookie: admin=0.
3. Combining this with the challenge theme, the cookie is forged. With admin=0 the flag is not visible, which indicates that the server-side check decided the request did not come from admin, so we do not get the flag. We try modifying the cookie, changing Cookie: admin=0 to Cookie: admin=1. The reasoning is that the server presumably treats admin=1 as an administrator who can see the flag, and anything else, such as admin=0, as a non-administrator who cannot. Viewing data this way is also known as a vertical privilege escalation vulnerability (垂直越权漏洞).
4. After the modification we use Burp Suite to send the request. The server now treats the request as coming from Admin, and the flag we need appears in the response packet.
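To make the server-side mistake concrete, here is an added example that is not code from the original writeup or the challenge: a handler that trusts the client-supplied admin cookie, beside one that only honours an HMAC-signed session value so that editing the role in the cookie is rejected. The secret, flag and user names are constructed for the demo.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

FLAG = "flag{constructed_example}"          # constructed sample value
SERVER_SECRET = b"constructed-demo-secret"   # constructed; keep real secrets out of code


def _parse(cookie_header: str) -> SimpleCookie:
    """Parse a raw Cookie request header into name -> Morsel."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar


def vulnerable_view(cookie_header: str) -> str:
    """The flaw from the challenge: authorization decided by a cookie the
    client can edit freely, so admin=0 -> admin=1 is enough to get the flag."""
    jar = _parse(cookie_header)
    if "admin" in jar and jar["admin"].value == "1":
        return FLAG
    return "not admin"


def issue_session(user: str, role: str) -> str:
    """Server mints user:role:tag, where tag is an HMAC over user:role."""
    payload = f"{user}:{role}"
    tag = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def hardened_view(cookie_header: str) -> str:
    """Only a session value signed by the server is trusted; a tampered role
    no longer matches its tag, and a bare admin=1 cookie is ignored."""
    jar = _parse(cookie_header)
    if "session" not in jar:
        return "not admin"
    parts = jar["session"].value.split(":")
    if len(parts) != 3:
        return "not admin"
    user, role, tag = parts
    expected = hmac.new(SERVER_SECRET, f"{user}:{role}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return "not admin"
    return FLAG if role == "admin" else "not admin"
```

A real deployment would also store the role server-side (opaque session id) and set HttpOnly/Secure on the cookie; the signed value is the minimal fix that defeats the forgery shown above.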
0x03 The End
Follow along so you don't get lost, and learn a little CTF knowledge every day!
Please credit the source when reposting!