本文介绍了一个IDF实验室的CTF挑战,涉及一个简单的JavaScript编码问题。通过查看网页源代码,发现URL编码的字符串,解码后得到条件判断语句,挑战者需要输入特定的值才能成功。该值是动态生成的,解码过程可以借助XSS编码工具完成。
地址:
ctf.idf.cn/index.php?g=game&m=article&a=index&id=42
题目:
http://ctf.idf.cn/game/web/42/index.php
打开网页,显示一个输入框和一个提交按钮,直接查看源代码,发现有用的地方:
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%61%32%64%31%38%35%37%34%61%62%37%33';
var p2 = '%61%62%65%39%30%62%33%38%39%35%65%38%65%36%33%32%38%36%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74
ctf.idf.cn/index.php?g=game&m=article&a=index&id=42
题目:
http://ctf.idf.cn/game/web/42/index.php
打开网页,显示一个输入框和一个提交按钮,直接查看源代码,发现有用的地方:
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%61%32%64%31%38%35%37%34%61%62%37%33';
var p2 = '%61%62%65%39%30%62%33%38%39%35%65%38%65%36%33%32%38%36%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
