
【Root-Me】 HTTP - cookies

 2 years ago
source link: https://exp-blog.com/safe/ctf/rootme/web-server/http-cookies/



After entering any email address and clicking Saved email adresses, the page responds with: You need to be admin


The page source contains a commented-out line of code, <!--SetCookie("ch7","visiteur");-->, and inspecting the cookies shows that the current value is ch7=visiteur

Use Burp Suite -> Repeater to replay the Saved email adresses request with the Cookie changed to ch7=admin. The response to that request contains the password, which completes the challenge.


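The downloaded flag file, flagzip, must have its extension manually changed to *.zip before it can be extracted (this is to discourage simply copying the answer)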
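The flaw behind this challenge is that the server takes the role from a cookie the client fully controls. The following is an added example, not code from the challenge or the original article: it puts that check next to a hardened variant that accepts the ch7 value only with a valid server-side HMAC. The function names and the key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed key for this example; a real service loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)


def is_admin_vulnerable(cookies: dict) -> bool:
    """Pattern seen in the challenge: the role is whatever the cookie says."""
    return cookies.get("ch7") == "admin"


def _tag(role: str) -> str:
    return hmac.new(SERVER_KEY, role.encode(), hashlib.sha256).hexdigest()


def issue_role_cookie(role: str) -> str:
    """Server side: bind the role to a MAC so edits by the client are detected."""
    return f"{role}.{_tag(role)}"


def verify_role_cookie(value: str) -> Optional[str]:
    """Return the role only if the MAC matches; None for missing or altered values."""
    role, sep, tag = value.rpartition(".")
    if not sep:
        return None  # no tag at all, e.g. the bare "admin" from the write-up
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    if hmac.compare_digest(tag.encode(), _tag(role).encode()):
        return role
    return None


def is_admin_hardened(cookies: dict) -> bool:
    return verify_role_cookie(cookies.get("ch7", "")) == "admin"
```

A signed cookie only proves that the server issued the value. Keeping the role in server-side session state, looked up by an unguessable session ID, avoids sending authorization data to the client at all.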

