Jarvis OJ | WEB

login


F12无果

抓包

发现Hint: "select * from admin where password='".md5($pass,true)."'"
ffifdyop经过md5($password,true)过后恰好结果是'or'6�]��!r,��b,构造"select * from admin where password= 'or'6<乱码>'',即永真式。返回flag.

port51

curl
curl --local-port 51 http://web.jarvisoj.com:32770/

localhost

报头信息
X-FORWARDER-FOR:127.0.0.1

posted @ 2020-07-15 17:49  zer0_1s  阅读(136)  评论(0编辑  收藏  举报