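1. Open the target machine

Open the first link.

2. Universal password

Use the universal password: `a' or 1 #`

The password can be anything. Open the second one in Kali.

3. Connect to the target machine over SSH

```bash
ssh ctf@284490d0-7600-4c65-9160-5ced02f45633.node5.buuoj.cn -p 28191
```

From the challenge description, the password is 123456.

4. Find and modify the index.php file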
Find the index.php file. Its contents are as follows:

```php
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>让我访问</title>
    <link href="http://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
    <link href="http://cdn.bootcss.com/font-awesome/4.6.3/css/font-awesome.min.css" rel="stylesheet">
    <link rel="stylesheet" type="text/css" href="css/htmleaf-demo.css">
    <style type="text/css">
        .form-bg { padding: 2em 0; }
        .form-horizontal { background: #ffffff; padding-bottom: 40px; border-radius: 15px; text-align: center; }
        .form-horizontal .heading { display: block; font-size: 35px; font-weight: 700; padding: 35px 0; border-bottom: 1px solid #f0f0f0; margin-bottom: 30px; }
        .form-horizontal .form-group { padding: 0 40px; margin: 0 0 25px 0; position: relative; }
        .form-horizontal .form-control { background: #f0f0f0; border: none; border-radius: 20px; box-shadow: none; padding: 0 20px 0 45px; height: 40px; transition: all 0.3s ease 0s; }
        .form-horizontal .form-control:focus { background: #e0e0e0; box-shadow: none; outline: 0 none; }
        .form-horizontal .form-group i { position: absolute; top: 12px; left: 60px; font-size: 17px; color: #c8c8c8; transition: all 0.5s ease 0s; }
        .form-horizontal .form-control:focus i { color: #00b4ef; }
        .form-horizontal .fa-question-circle { display: inline-block; position: absolute; top: 12px; right: 60px; font-size: 20px; color: #808080; transition: all 0.5s ease 0s; }
        .form-horizontal .fa-question-circle:hover { color: #000; }
        .form-horizontal .main-checkbox { float: left; width: 20px; height: 20px; background: #11a3fc; border-radius: 50%; position: relative; margin: 5px 0 0 5px; border: 1px solid #11a3fc; }
        .form-horizontal .main-checkbox label { width: 20px; height: 20px; position: absolute; top: 0; left: 0; cursor: pointer; }
        .form-horizontal .main-checkbox label:after { content: ""; width: 10px; height: 5px; position: absolute; top: 5px; left: 4px; border: 3px solid #fff; border-top: none; border-right: none; background: transparent; opacity: 0; -webkit-transform: rotate(-45deg); transform: rotate(-45deg); }
        .form-horizontal .main-checkbox input[type="checkbox"] { visibility: hidden; }
        .form-horizontal .main-checkbox input[type="checkbox"]:checked label:after { opacity: 1; }
        .form-horizontal .text { float: left; margin-left: 7px; line-height: 20px; padding-top: 5px; text-transform: capitalize; }
        .form-horizontal .btn { float: right; font-size: 14px; color: #fff; background: #00b4ef; border-radius: 30px; padding: 10px 25px; border: none; text-transform: capitalize; transition: all 0.5s ease 0s; }
        @media only screen and (max-width: 479px) {
            .form-horizontal .form-group { padding: 0 25px; }
            .form-horizontal .form-group i { left: 45px; }
            .form-horizontal .btn { padding: 10px 20px; }
        }
    </style>
</head>
<body>
<div class="htmleaf-container">
    <header class="htmleaf-header">
        <h1>我还可以教你敦 dua 郎哦。</h1>
        <div class="htmleaf-links">
        </div>
    </header>
    <div class="demo form-bg">
        <div class="container">
            <div class="row">
                <div class="col-md-offset-3 col-md-6">
                    <form class="form-horizontal" method="get" action="">
                        <span class="heading">让我访问</span>
                        <div class="form-group">
                            <input type="text" class="form-control" id="inputEmail3" placeholder="用户名" name="username">
                        </div>
                        <div class="form-group help">
                            <input type="password" class="form-control" id="inputPassword3" placeholder="密码" name="password">
                        </div>
                        <div class="form-group help">
                            <input type="submit" class="form-control" id="inputSubmit">
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
    <div class="related">
    </div>
</div>
</body>
</html>
<h4 style="text-align: center; color: #000000">
<?php
error_reporting(0);
include 'dbConnect.php';
$username = $_GET['username'];
$password = $_GET['password'];
if (isset($_GET['username']) && isset($_GET['password'])) {
    // User input is interpolated directly into the SQL string (the injectable query)
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result = $mysqli->query($sql);
    if (!$result)
        die(mysqli_error($mysqli));
    $data = $result->fetch_all(); // Fetch all rows from the result set
    if (!empty($data)) {
        echo '登录成功';
    } else {
        echo '用户名或密码错误';
    }
}
?>
</h4>
```

Add two lines:

```php
$username = addslashes($username);
$password = addslashes($password);
```

The final contents of index.php are as follows:

```php
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>让我访问</title>
    <link href="http://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
    <link href="http://cdn.bootcss.com/font-awesome/4.6.3/css/font-awesome.min.css" rel="stylesheet">
    <link rel="stylesheet" type="text/css" href="css/htmleaf-demo.css">
    <style type="text/css">
        .form-bg { padding: 2em 0; }
        .form-horizontal { background: #ffffff; padding-bottom: 40px; border-radius: 15px; text-align: center; }
        .form-horizontal .heading { display: block; font-size: 35px; font-weight: 700; padding: 35px 0; border-bottom: 1px solid #f0f0f0; margin-bottom: 30px; }
        .form-horizontal .form-group { padding: 0 40px; margin: 0 0 25px 0; position: relative; }
        .form-horizontal .form-control { background: #f0f0f0; border: none; border-radius: 20px; box-shadow: none; padding: 0 20px 0 45px; height: 40px; transition: all 0.3s ease 0s; }
        .form-horizontal .form-control:focus { background: #e0e0e0; box-shadow: none; outline: 0 none; }
        .form-horizontal .form-group i { position: absolute; top: 12px; left: 60px; font-size: 17px; color: #c8c8c8; transition: all 0.5s ease 0s; }
        .form-horizontal .form-control:focus i { color: #00b4ef; }
        .form-horizontal .fa-question-circle { display: inline-block; position: absolute; top: 12px; right: 60px; font-size: 20px; color: #808080; transition: all 0.5s ease 0s; }
        .form-horizontal .fa-question-circle:hover { color: #000; }
        .form-horizontal .main-checkbox { float: left; width: 20px; height: 20px; background: #11a3fc; border-radius: 50%; position: relative; margin: 5px 0 0 5px; border: 1px solid #11a3fc; }
        .form-horizontal .main-checkbox label { width: 20px; height: 20px; position: absolute; top: 0; left: 0; cursor: pointer; }
        .form-horizontal .main-checkbox label:after { content: ""; width: 10px; height: 5px; position: absolute; top: 5px; left: 4px; border: 3px solid #fff; border-top: none; border-right: none; background: transparent; opacity: 0; -webkit-transform: rotate(-45deg); transform: rotate(-45deg); }
        .form-horizontal .main-checkbox input[type="checkbox"] { visibility: hidden; }
        .form-horizontal .main-checkbox input[type="checkbox"]:checked label:after { opacity: 1; }
        .form-horizontal .text { float: left; margin-left: 7px; line-height: 20px; padding-top: 5px; text-transform: capitalize; }
        .form-horizontal .btn { float: right; font-size: 14px; color: #fff; background: #00b4ef; border-radius: 30px; padding: 10px 25px; border: none; text-transform: capitalize; transition: all 0.5s ease 0s; }
        @media only screen and (max-width: 479px) {
            .form-horizontal .form-group { padding: 0 25px; }
            .form-horizontal .form-group i { left: 45px; }
            .form-horizontal .btn { padding: 10px 20px; }
        }
    </style>
</head>
<body>
<div class="htmleaf-container">
    <header class="htmleaf-header">
        <h1>我还可以教你敦 dua 郎哦。</h1>
        <div class="htmleaf-links">
        </div>
    </header>
    <div class="demo form-bg">
        <div class="container">
            <div class="row">
                <div class="col-md-offset-3 col-md-6">
                    <form class="form-horizontal" method="get" action="">
                        <span class="heading">让我访问</span>
                        <div class="form-group">
                            <input type="text" class="form-control" id="inputEmail3" placeholder="用户名" name="username">
                        </div>
                        <div class="form-group help">
                            <input type="password" class="form-control" id="inputPassword3" placeholder="密码" name="password">
                        </div>
                        <div class="form-group help">
                            <input type="submit" class="form-control" id="inputSubmit">
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
    <div class="related">
    </div>
</div>
</body>
</html>
<h4 style="text-align: center; color: #000000">
<?php
error_reporting(0);
include 'dbConnect.php';
$username = $_GET['username'];
$password = $_GET['password'];
// The two added lines: escape quotes and backslashes before the values reach the query
$username = addslashes($username);
$password = addslashes($password);
if (isset($_GET['username']) && isset($_GET['password'])) {
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result = $mysqli->query($sql);
    if (!$result)
        die(mysqli_error($mysqli));
    $data = $result->fetch_all(); // Fetch all rows from the result set
    if (!empty($data)) {
        echo '登录成功';
    } else {
        echo '用户名或密码错误';
    }
}
?>
</h4>
```

Save the modified index.php file.
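5. Visit again

Open the first link again and try to log in with the universal password: the page now reports that the username or password is wrong, and the login fails. Then open the third link, append /check to the URL, and wait a moment.

6. Get the flag

Change /check to /flag to get the flag.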
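
Step 4 patches the query with addslashes(), which escapes a fixed set of characters without regard to the connection character set and does nothing for values that are not inside quotes; binding the values as parameters removes the dependence on escaping altogether. The following replacement for the PHP block at the end of index.php is an added example, not part of the original write-up. It assumes dbConnect.php provides a connected `$mysqli` object as in the page's file, and the helper name `login_ok` is hypothetical.

```php
<?php
// Added example: replacement for the PHP block at the end of index.php.
// Assumption: dbConnect.php defines $mysqli (a connected mysqli object), as in the page's file.
error_reporting(0);
include 'dbConnect.php';

// Hypothetical helper: true when a users row matches the supplied credentials.
// Values travel as bound parameters, so quotes, '#' and other SQL
// metacharacters in them are treated as data, never as query text.
function login_ok(mysqli $db, string $username, string $password): bool
{
    try {
        $stmt = $db->prepare(
            'SELECT 1 FROM users WHERE username = ? AND password = ? LIMIT 1'
        );
        if ($stmt === false) {            // error mode without exceptions
            error_log('login prepare failed: ' . $db->error);
            return false;
        }
        $stmt->bind_param('ss', $username, $password);
        $found = false;
        if ($stmt->execute()) {
            $stmt->store_result();
            $found = $stmt->num_rows > 0;
        } else {
            error_log('login execute failed: ' . $stmt->error);
        }
        $stmt->close();
        return $found;
    } catch (mysqli_sql_exception $e) {   // PHP 8.1+ default error mode
        // Log server-side; the original die(mysqli_error(...)) showed DB errors to the client.
        error_log('login query failed: ' . $e->getMessage());
        return false;
    }
}

// Accept only plain string parameters; array-style input (username[]=x) is ignored.
$username = $_GET['username'] ?? null;
$password = $_GET['password'] ?? null;
if (is_string($username) && is_string($password)) {
    echo login_ok($mysqli, $username, $password) ? '登录成功' : '用户名或密码错误';
}
?>
```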