Oreo



Write-up source

https://dunsp4rce.github.io/csictf-2020/web/2020/07/19/Oreo.html

by INXS_JOY

Challenge description

My nephew is a fussy eater and is only willing to eat chocolate oreo. Any other flavour and he throws a tantrum.

Challenge topics

Solution approach

My nephew is a fussy eater and is only willing to eat chocolate oreo. Any other flavour and he throws a tantrum.

The site displays the above message when visited. I reloaded the page and captured the request using Burp Suite and found this.

I noticed that there is a cookie called flavour, which seems to have a Base64-encoded value c3RyYXdiZXJyeQ==. Using an online Base64 decoder like this, I got the decoded value as Strawberry.

The site says that the nephew only likes chocolate, therefore I had an intuition to set the flavour cookie to the Base64 equivalent of "chocolate". Using the same Base64 decoding site, we get Y2hvY29sYXRl as the Base64-encoded text of "chocolate". Now setting the flavour cookie to Y2hvY29sYXRl and sending the request, we get the flag.

You don't need Burp Suite to solve this challenge, although it might be useful for solving higher-difficulty problems. An ordinary cookie-editor browser extension will do the job here.
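The challenge works because Base64 is an encoding, not an integrity check, so the server accepts any flavour value the client writes. The Python below is an added example, not code from the challenge or the original write-up: it contrasts a reader that trusts the decoded cookie with one that verifies an HMAC tag. The names SERVER_KEY, weak_read, issue_signed and read_signed are hypothetical, and weak_read is only an assumption about how the challenge server behaves.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed key for this example; a real service loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def weak_read(cookie: str) -> str:
    """Assumed challenge behaviour: decode and trust whatever the client sent."""
    return base64.b64decode(cookie).decode()


def issue_signed(flavour: str) -> str:
    """Hardened form: payload plus an HMAC-SHA256 tag made with a server-only key."""
    payload = b64(flavour)
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def read_signed(cookie: str):
    """Return the flavour only if the tag verifies; None if tampered or malformed."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all, e.g. a bare Base64 value
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return base64.b64decode(payload).decode()


def demo():
    issued = issue_signed("strawberry")
    # The payload is swapped, but the tag cannot be recomputed without SERVER_KEY.
    tampered = b64("chocolate") + "." + issued.rpartition(".")[2]
    return weak_read(b64("chocolate")), read_signed(issued), read_signed(tampered)


if __name__ == "__main__":
    print(demo())
```

Signing only detects modification; keeping the decision in server-side session state avoids sending it to the client in the first place.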

Flag

csictf{1ick_twi5t_dunk}