BugKu-WEB-源代码

BugKu-WEB-源代码

Mel0ny Lv5
  2025-09-01 11:05:26 2025-09-01 11:05:26 创建   2025-09-01 11:33:11 2025-09-01 11:33:11 更新      459 字  2 分钟  

BugKu-WEB-源代码

题目

Question
Question

思路

题目提示看源代码,看源代码,发现传递方式是POST,而且有一段编码,也有一段脚本,考察代码审计

1
2
3
4
5
<script>
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62';
var p2 = '%61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%35%34%61%61%32' + p2));
</script>

这个代码一眼过去就像html的编码,打开赛博大厨解密一下,发现几段脚本

Question
Question
Question

1
function checkSubmit(){var a=document.getElementById("password");if("undefined"!=typeof a){if("67d709b2b54aa2aa648cf6e87a7114f1"==a.value)return!0;alert("Error");a.focus();return!1}}document.getElementById("levelQuest").onsubmit=checkSubmit;

javascript中的eval()函数代表着把字符串当代码来执行,也就是上面的代码
现在来分析这个javascript
大概意思就是密码框输入的是”67d709b2b54aa2aa648cf6e87a7114f1”这个字符串,就返回true,提交表单

输入字符串,发现返回了flag

Flag

1
flag{8aeb80c7baa47ed2e5a4e91d995b9b72}
  • 标题: BugKu-WEB-源代码
  • 作者: Mel0ny
  • 创建于 : 2025-09-01 11:05:26
  • 更新于 : 2025-09-01 11:33:11
  • 链接: https://mel0nyrame.github.io/2025/09/01/BugKu-WEB-源代码/
  • 版权声明: 本文章采用 CC BY-NC-SA 4.0 进行许可。
评论
目录
BugKu-WEB-源代码
  1. BugKu-WEB-源代码
    1. 题目
    2. 思路
    3. Flag