[HackCTF] Button

WEB HACKING

by koharin 2022. 1. 7. 01:18


<body>
<h1 style="color: pink;">BUTTON</h1>
<p>아래의 버튼으로 하여금 플래그를 출력하게 해줘!</p>
<form action="" method="post">
	<input type="submit" name="button" value="button" />
</form>
</body>

The page text reads "Make the button below print the flag!". Looking at the source, pressing the button sends a POST request.

 

POST / HTTP/1.1
Host: ctf.j0n9hyun.xyz:2026
Content-Length: 13
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://ctf.j0n9hyun.xyz:2026
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://ctf.j0n9hyun.xyz:2026/
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: _ga=GA1.2.1799081705.1641484172; _gid=GA1.2.1906030710.1641484172; D_VISITOR_ID=2d609997-2e5a-fb1d-da93-60ee97fdb745; session=.eJwVjMsKgzAQAH-l5As0NRehB0ts8LArylbZHPuAaIw9WiP-e-11ZphNzJ_5-Rb5Jk4PkQuMPoLpPEqcQL8GpNYjFQmOhUKyvjaNAtl5Jp_hWC4YizNq51jaAaidONgJY-cOL1GWiokXpi5ALFbumwVDGS39X15xz2cYYQUqY61vzpp7drQO-ibWxF-rrwFllUDPqtZVytSOGFpvDaQHv4h9_wFg5j5H.FLilMQ.wWo5ZjIjEuoJwlId3SFPOrr2u_k
Connection: close

button=button

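Pressing the button and capturing the packet with a proxy tool shows that the button parameter is sent with the value button, because the source sets the button's value attribute to button.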

 

I changed it to button=flag and sent the request.

The flag is printed.
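
The behaviour described above, as an added example that is not from the original post or the challenge's source: a WSGI handler that trusts the posted `button` value, next to one that allow-lists the value and gates the flag on server-side state. The handler names, the `is_admin` hook and the flag string are assumptions made for illustration.

```python
# Added example: hypothetical server code, not the challenge's real source.
import io
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

FLAG = "FLAG{constructed-placeholder}"  # constructed value, not the real flag

def _form(environ):
    """Parse an application/x-www-form-urlencoded body into {name: first value}."""
    try:
        size = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        size = 0
    body = environ["wsgi.input"].read(size).decode("utf-8", "replace")
    return {k: v[0] for k, v in parse_qs(body).items()}

def weak_app(environ, start_response):
    """Assumed weak handler: the posted value alone selects the privileged branch."""
    text = FLAG if _form(environ).get("button") == "flag" else "BUTTON"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [text.encode()]

def hardened_app(environ, start_response, is_admin=lambda env: False):
    """Allow-list known values; decide the privileged branch from server-side state."""
    value = _form(environ).get("button")
    if value not in {"button", "flag"}:
        status, text = "400 Bad Request", "unknown action"
    elif value == "flag" and not is_admin(environ):
        status, text = "403 Forbidden", "forbidden"
    elif value == "flag":
        status, text = "200 OK", FLAG
    else:
        status, text = "200 OK", "BUTTON"
    start_response(status, [("Content-Type", "text/plain")])
    return [text.encode()]

def post(app, body, **kw):
    """Drive a WSGI app with a constructed POST body; return (status, text)."""
    env = {}
    setup_testing_defaults(env)
    raw = body.encode()
    env.update(REQUEST_METHOD="POST", CONTENT_LENGTH=str(len(raw)),
               CONTENT_TYPE="application/x-www-form-urlencoded")
    env["wsgi.input"] = io.BytesIO(raw)
    seen = []
    chunks = app(env, lambda status, headers: seen.append(status), **kw)
    return seen[0], b"".join(chunks).decode()
```

The `value` attribute in the HTML form is only a default the browser sends; the hardened handler treats it as untrusted input and takes the authorization decision from state the client cannot edit.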
