[BSidesCF 2020]Hurdles
- Request header forgery
We visit /hurdles
Response:
I'm sorry, I was expecting the PUT Method.
So we send:
PUT /hurdles HTTP/1.1
Response:
I'm sorry, Your path would be more exciting if it ended in !
Send:
PUT /hurdles/! HTTP/1.1
Response:
I'm sorry, Your URL did not ask to `get` the `flag` in its query string.
Send:
PUT /hurdles/!?get=flag HTTP/1.1
Response:
I'm sorry, I was looking for a parameter named &=&=&
Send (the parameter name is percent-encoded so that & and = are not parsed as separators):
PUT /hurdles/!?get=flag&%26%3d%26%3d%26=1 HTTP/1.1
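Response:
I'm sorry, I expected '&=&=&' to equal '%00
Send (the value is the literal text %00 followed by a line break, so % is sent as %25 and the line break as %0a):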
PUT /hurdles/!?get=flag&%26%3d%26%3d%26=%2500%0a HTTP/1.1
Response:
I'm sorry, Basically, I was expecting the username player.
Add the header (the token is the Base64 of player:54ef36ec71201fdf9d1423fd26f97f6b):
Authorization: Basic cGxheWVyOjU0ZWYzNmVjNzEyMDFmZGY5ZDE0MjNmZDI2Zjk3ZjZi
Response:
I'm sorry, I was expecting you to be using a 1337 Browser.
Add the header:
User-Agent: 1337
Response:
I'm sorry, I was expecting your browser version (v.XXXX) to be over 9000!
Change the header to:
User-Agent: 1337 browser v.9100
Response:
I'm sorry, I was eXpecting this to be Forwarded-For someone!
Add the header:
x-forwarded-for: 127.0.0.1
Response:
I'm sorry, I was eXpecting this to be Forwarded For someone through another proxy!
Change the header to:
x-forwarded-for: 1.1.1.1,127.0.0.1
Response:
I'm sorry, I was expecting the forwarding client to be 13.37.13.37
Change the header to:
x-forwarded-for: 13.37.13.37,127.0.0.1
Response:
I'm sorry, I was expecting a Fortune Cookie
Add the header:
cookie: Fortune=1
Response:
I'm sorry, I was expecting the cookie to contain the number of the HTTP Cookie (State Management Mechanism) RFC from 2011.
Looking it up, that RFC is 6265.
Change the header to:
cookie: Fortune=6265
Response:
I'm sorry, I expect you to accept only plain text media (MIME) type.
Add the header:
Accept: text/plain
Response:
I'm sorry, Я ожидал, что вы говорите по-русски.
Add the header:
Accept-Language:ru
Response:
I'm sorry, I was expecting to share resources with the origin https://ctf.bsidessf.net
Add the header:
origin: https://ctf.bsidessf.net
Response:
I'm sorry, I was expecting you would be refered by https://ctf.bsidessf.net/challenges?
Add the header:
referer: https://ctf.bsidessf.net/challenges
Response:
Congratulations!
The flag is found in the response headers.
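The steps above combined into one request, as an added example that is not part of the original writeup: it builds the percent-encoded target and the full header set offline and serializes them as raw HTTP/1.1. The host name `challenge.example` and the `Content-Length: 0` line are assumptions; every other value comes from the steps above.

```python
import base64
from urllib.parse import quote

HOST = "challenge.example"  # placeholder host (assumption); the writeup gives none

def build_target():
    """Request target: path ending in '!' plus the two query parameters."""
    # The second parameter is literally named "&=&=&" and its value is the
    # literal text "%00" followed by a newline, so every reserved character
    # is percent-encoded ("%" -> %25) to survive the server's URL decoding.
    params = [("get", "flag"), ("&=&=&", "%00\n")]
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in params)
    return "/hurdles/!?" + query

def build_headers():
    """All headers the writeup ends up sending; each one is client-controlled."""
    # Credentials as decoded from the Basic token shown in the writeup.
    creds = "player:54ef36ec71201fdf9d1423fd26f97f6b"
    return {
        "Host": HOST,
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "User-Agent": "1337 browser v.9100",
        "X-Forwarded-For": "13.37.13.37,127.0.0.1",
        "Cookie": "Fortune=6265",
        "Accept": "text/plain",
        "Accept-Language": "ru",
        "Origin": "https://ctf.bsidessf.net",
        "Referer": "https://ctf.bsidessf.net/challenges",
    }

def build_request():
    """Serialize the final request as raw HTTP/1.1 text."""
    lines = [f"PUT {build_target()} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in build_headers().items()]
    lines.append("Content-Length: 0")  # PUT without a body (assumption)
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    print(build_request())
```

Every value the server checks here (X-Forwarded-For, Origin, Referer, User-Agent, Cookie) is chosen by the client, which is why none of them can serve as a trust signal on its own.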