题目
查看页面源码代码
有个pay.php文件打开查看
查看页面源代码,下面是主要代码
<!--~~~post money and password~~~
if (isset($_POST['password'])) {$password = $_POST['password'];if (is_numeric($password)) {echo "password can't be number</br>";}elseif ($password == 404) {echo "Password Right!</br>";}
}
-->抓包试试
翻译
Cookie: user=1POST传参money和password,这里要数组绕过
password=404a&money[]=100000000
拿下flag
flag{2a0ec49c-77b7-4732-9747-c03f340a5c1c}
![[RoarCTF 2019]Easy Calc1](https://i-blog.csdnimg.cn/direct/f42283d1c7aa43bc8f6db0940fc4ae57.png)
