$what=$_POST['what']; echo $what; if($what=='flag') echo 'flag{****}';
启动BurpSuite,进行抓包
改变请求头为POST,
what=flag,即可获得
