web[download]
想下啥就下啥~别下音乐,不骗你,试试下载其他东西~
真·奥义·传送:点我
查看元素,下载download.php:将download.php编码成base64在源码中点开,得到
??<?php error_reporting(0); include("hereiskey.php"); $url=base64_decode($_GET[url]); if( $url=="hereiskey.php" || $url=="buxiangzhangda.mp3" || $url=="xingxingdiandeng.mp3" || $url=="download.php"){ $file_size = filesize($url); header ( "Pragma: public" ); header ( "Cache-Control: must-revalidate, post-check=0, pre-check=0" ); header ( "Cache-Control: private", false ); header ( "Content-Transfer-Encoding: binary" ); header ( "Content-Type:audio/mpeg MP3"); header ( "Content-Length: " . $file_size); header ( "Content-Disposition: attachment; filename=".$url); echo(file_get_contents($url)); exit; } else { echo "Access Forbidden!"; } ?>
再下载hereiskey.php:
[cookie]
COOKIE就是甜饼的意思~ 地址:传送门 TIP: 0==not
将cookie改为1:
在响应中查看结果