BUUCTF-[极客大挑战 2019]BuyFlag
进去一看,哦原来是某安全团队的招募启示。
但没看到什么有用的信息,看到了Q群号,我还以为是一道社工题(=_=)
来到pay.php
![BUUCTF-[极客大挑战 2019]BuyFlag](https://image.miaokee.com:8440/aHR0cHM6Ly9pbWctYmxvZy5jc2RuaW1nLmNuLzIwMjEwNTI3MTUyMzQ5MzAzLnBuZw%3D%3D.png?w=700&webp=1 "BUUCTF-[极客大挑战 2019]BuyFlag")
看一下源码,发现了一串代码。
![BUUCTF-[极客大挑战 2019]BuyFlag](https://image.miaokee.com:8440/aHR0cHM6Ly9pbWctYmxvZy5jc2RuaW1nLmNuLzIwMjEwNTI3MTUxOTEzNzkxLnBuZw%3D%3D.png?w=700&webp=1 "BUUCTF-[极客大挑战 2019]BuyFlag")
<!--
~~~post money and password~~~
if (isset($_POST['password'])) {
$password = $_POST['password'];
if (is_numeric($password)) {
echo "password can't be number</br>";
}elseif ($password == 404) {
echo "Password Right!</br>";
}
}
-->
要post传入password,is_numeric () 函数用于检测变量是否为数字或数字字符串,如果是数字,输出password can't be number
Bp抓包![BUUCTF-[极客大挑战 2019]BuyFlag](https://image.miaokee.com:8440/aHR0cHM6Ly9pbWctYmxvZy5jc2RuaW1nLmNuLzIwMjEwNTI3MTUzMTI5NDU4LnBuZw%3D%3D.png?w=700&webp=1 "BUUCTF-[极客大挑战 2019]BuyFlag")
Cookie中user=0,把user=1放包试一下![BUUCTF-[极客大挑战 2019]BuyFlag](https://image.miaokee.com:8440/aHR0cHM6Ly9pbWctYmxvZy5jc2RuaW1nLmNuLzIwMjEwNTI3MTUzNDA0MzgzLnBuZw%3D%3D.png?w=700&webp=1 "BUUCTF-[极客大挑战 2019]BuyFlag")
需要输入密码,并且100000000美元。。。才能购买
结合上面得到的源码,post传参
password=404a&money=1000000000
![BUUCTF-[极客大挑战 2019]BuyFlag](https://image.miaokee.com:8440/aHR0cHM6Ly9pbWctYmxvZy5jc2RuaW1nLmNuLzIwMjEwNTI3MTUzOTAyNDUwLnBuZw%3D%3D.png?w=700&webp=1 "BUUCTF-[极客大挑战 2019]BuyFlag")
Nember lenth is too long
提示数字长度过长,那用科学计数法试一下money=1e9![BUUCTF-[极客大挑战 2019]BuyFlag](https://image.miaokee.com:8440/aHR0cHM6Ly9pbWctYmxvZy5jc2RuaW1nLmNuLzIwMjEwNTI3MTU0MDQyMzcxLnBuZw%3D%3D.png?w=700&webp=1 "BUUCTF-[极客大挑战 2019]BuyFlag")
得到flag