[BJDCTF2020]Mark loves cat-洪萨配资

打开题目便是这样的，查看源代码没有什么发现，进行目录扫描返回如图

HTTP429 Too Many Requests是一个标准的状态码，表示服务器在特定的时间内收到了来自你 IP 地址的过多请求。为了保护带宽和防止被攻击（如 DDoS 或暴力扫描），服务器会自动封锁或拒绝你的后续请求

在后面给加上--timeout=2也是不可以

尝试一下看看有没有git源码泄露，因为这个也可以通过输入/.git来判断

输入/.git，如果返回403就是存在git源码泄露

而且使用dirsearch来进行目录扫描，就是加上 -t 5 -r --delay 0.5 使其扫描的慢一些，就会发现这就是一个git源码泄露

可以使用

pipx run githacker --url http://e6b426c2-d207-479d-8251-94fc7059e2ff.node5.buuoj.cn:81/ --output-folder ezezser

<?php $flag = file_get_contents('/flag');

index.php文件

<!DOCTYPE html> <html lang="zxx"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Home</title> <!--bootstrap Css--> <link href="assets/css/bootstrap.min.css" rel="stylesheet"> <!--ico font Css--> <link href="assets/css/font-awesome.min.css" rel="stylesheet"> <!-- magnific-popup Css--> <link href="assets/css/magnific-popup.css" rel="stylesheet"> <!--lineProgressbar Css--> <link href="assets/css/jquery.lineProgressbar.css" rel="stylesheet"> <!--owl.carousel Css--> <link href="assets/css/owl.carousel.css" rel="stylesheet"> <!--Slick Nav Css--> <link href="assets/css/slicknav.min.css" rel="stylesheet"> <!--Animate Css--> <link href="assets/css/animate.css" rel="stylesheet"> <!--Style Css--> <link href="assets/css/style.css" rel="stylesheet"> <!--Responsive Css--> <link href="assets/css/responsive.css" rel="stylesheet"> </head> <body> <!--nav section start--> <nav class="nav-area"> <div class="container"> <div class="row"> <div class="col-md-2"> <a href="#" class="logo"><img src="assets/img/logo.png" alt="logo image"></a> </div> <div class="col-md-10"> <ul id="main-menu"> <li><a href="#home">Home</a></li> <li><a href="#about">About</a></li> <li><a href="#resume">Resume</a></li> <li><a href="#service">Service</a></li> <li><a href="#work">Work</a></li> <li><a href="#clients-section">Testimonial</a></li> <li><a href="#blog">Blog</a></li> <li><a href="#contact">Contact</a></li> </ul> </div> </div> </div> </nav> <!--nav section end--> <!--header section start--> <header class="header-area header-bg" id="home"> <div class="header-inner"> <span>Welcome</span> <h1>I Am Mark Stev</h1> <h6>Web Developer , web designer</h6> <div class="scroll-down"> <span></span> </div> </div> </header> <!--header section end--> <!--about section start--> <section class="about-area" id="about"> <div class="container"> <div class="row"> <div class="col-md-6"> <img src="assets/img/profile-pic.jpg" alt="profile picture"> </div> <div class="col-md-6"> <div class="section-title inner"> <h2>About Me</h2> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Voluptatem quas error modi quaerat sequi, debitis!</p> </div> <ul> <li><strong>Full Name :</strong> Mark Stev</li> <li><strong>Age :</strong> 23</li> <li><strong>Address :</strong> Berlin, Germany</li> <li><strong>Email :</strong> mark@example.com</li> <li><strong>Phone :</strong> +111 222 333</li> <li><strong>Skype :</strong> Mark-333</li> <li><strong>Job :</strong> Grapich Designer</li> <li><strong>Freelancer :</strong> available</li> </ul> <a href="#" class="boxed-btn">Hire</a> <a href="#" class="boxed-btn">My work</a> </div> </div> </div> </section> <!--about section end--> <!--skill section start--> <section class="skill-section"> <div class="container"> <div class="row"> <div class="col-md-6 col-md-offset-3 text-center"> <div class="section-title main"> <h2>My Skill</h2> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Voluptatem quas error modi quaerat sequi, debitis!</p> </div> </div> </div> <div class="row text-center"> <div class="col-md-3 col-sm-6"> <div id="circle-1"></div> <h4 class="text-uppercase">Photoshop</h4> </div> <div class="col-md-3 col-sm-6"> <div id="circle-2"></div> <h4 class="text-uppercase">Illustrator</h4> </div> <div class="col-md-3 col-sm-6"> <div id="circle-3"></div> <h4 class="text-uppercase">Html</h4> </div> <div class="col-md-3 col-sm-6"> <div id="circle-4"></div> <h4 class="text-uppercase">Css</h4> </div> </div> </div> </section> <!--skill section end--> <!-- resome section start --> <section class="resome-area" id="resume"> <div class="container"> <div class="row"> <div class="col-md-6 col-md-offset-3 text-center"> <div class="section-title main"> <h2>Education &amp; Experience</h2> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Voluptatem quas error modi quaerat sequi, debitis!</p> </div> </div> </div> <div class="row"> <div class="col-md-6 col-sm-12"> <div class="education-details"> <div class="icon"> <i class="fa fa-briefcase"></i> </div> <div class="single-education-list"> <h4>MERIN LAND COLLEGE</h4> <span class="duration">2012 - 2014</span> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Vitae, consectetur.</p> </div> <div class="single-education-list"> <h4>MERIN LAND COLLEGE</h4> <span class="duration">2012 - 2014</span> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Vitae, consectetur.</p> </div> <div class="single-education-list"> <h4>MERIN LAND COLLEGE</h4> <span class="duration">2012 - 2014</span> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Vitae, consectetur.</p> </div> </div> </div> <div class="col-md-6 col-sm-12"> <div class="working-details"> <div class="icon"> <i class="fa fa-book"></i> </div> <div class="single-education-list"> <h4>MERIN LAND COLLEGE</h4> <span class="duration">2012 - 2014</span> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Vitae, consectetur.</p> </div> <div class="single-education-list"> <h4>MERIN LAND COLLEGE</h4> <span class="duration">2012 - 2014</span> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Vitae, consectetur.</p> </div> <div class="single-education-list"> <h4>MERIN LAND COLLEGE</h4> <span class="duration">2012 - 2014</span> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Vitae, consectetur.</p> </div> </div> </div> <div class="col-md-12 text-center"> <a href="#" class="boxed-btn">Download Resome</a> </div> </div> </div> </section> <!-- resome section end --> <!--service section start--> <section class="service-section" id="service"> <div class="container"> <div class="row"> <div class="col-md-6 col-md-offset-3 text-center"> <div class="section-title main"> <h2>My Daily Service</h2> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Voluptatem quas error modi quaerat sequi, debitis!</p> </div> </div> </div> <div class="service-inner"> <div class="row"> <div class="col-md-4 col-sm-6"> <div class="single-service-box"> <div class="icon"> <img src="assets/img/service-1.png" alt="service icon"> </div> <h4>Design</h4> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. At, nisi?</p> </div> </div> <div class="col-md-4 col-sm-6"> <div class="single-service-box"> <div class="icon"> <img src="assets/img/service-2.png" alt="service icon"> </div> <h4>DEVELOPMENT</h4> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. At, nisi?</p> </div> </div> <div class="col-md-4 col-sm-6"> <div class="single-service-box"> <div class="icon"> <img src="assets/img/service-3.png" alt="service icon"> </div> <h4>BRANDING</h4> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. At, nisi?</p> </div> </div> <div class="col-md-4 col-sm-6"> <div class="single-service-box"> <div class="icon"> <img src="assets/img/service-4.png" alt="service icon"> </div> <h4>MARKETING</h4> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. At, nisi?</p> </div> </div> <div class="col-md-4 col-sm-6"> <div class="single-service-box"> <div class="icon"> <img src="assets/img/service-5.png" alt="service icon"> </div> <h4>SUPPORT</h4> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. At, nisi?</p> </div> </div> <div class="col-md-4 col-sm-6"> <div class="single-service-box"> <div class="icon"> <img src="assets/img/service-6.png" alt="service icon"> </div> <h4>CONSULTING</h4> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. At, nisi?</p> </div> </div> </div> </div> </div> </section> <!--service section end--> <!--my team section start--> <section class="team-area"> <div class="container"> <div class="row"> <div class="col-md-6 col-md-offset-3 text-center"> <div class="section-title main"> <h2>My Team Members</h2> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Voluptatem quas error modi quaerat sequi, debitis!</p> </div> </div> </div> <div class="row"> <div class="col-md-3 col-sm-6"> <div class="single-team-box"> <div class="team-member-thumb"> <img src="assets/img/team-1.png" alt=" team member picture"> </div> <div class="content"> <h4>Jhon Doue</h4> <span class="prosition">Web Designer</span> <ul class="social-links"> <li><a href="#"><i class="fa fa-facebook"></i></a></li> <li><a href="#"><i class="fa fa-google-plus"></i></a></li> <li><a href="#"><i class="fa fa-linkedin"></i></a></li> <li><a href="#"><i class="fa fa-twitter"></i></a></li> </ul> </div></div> </div> <div class="col-md-3 col-sm-6"> <div class="single-team-box"> <div class="team-member-thumb"> <img src="assets/img/team-2.png" alt=" team member picture"> </div> <div class="content"> <h4>Jhon Doue</h4> <span class="prosition">Web Designer</span> <ul class="social-links"> <li><a href="#"><i class="fa fa-facebook"></i></a></li> <li><a href="#"><i class="fa fa-google-plus"></i></a></li> <li><a href="#"><i class="fa fa-linkedin"></i></a></li> <li><a href="#"><i class="fa fa-twitter"></i></a></li> </ul> </div> </div> </div> <div class="col-md-3 col-sm-6"> <div class="single-team-box"> <div class="team-member-thumb"> <img src="assets/img/team-4.png" alt=" team member picture"> </div> <div class="content"> <h4>Jhon Doue</h4> <span class="prosition">Web Designer</span> <ul class="social-links"> <li><a href="#"><i class="fa fa-facebook"></i></a></li> <li><a href="#"><i class="fa fa-google-plus"></i></a></li> <li><a href="#"><i class="fa fa-linkedin"></i></a></li> <li><a href="#"><i class="fa fa-twitter"></i></a></li> </ul> </div> </div> </div> <div class="col-md-3 col-sm-6"> <div class="single-team-box"> <div class="team-member-thumb"> <img src="assets/img/team-3.png" alt=" team member picture"> </div> <div class="content"> <h4>Jhon Doue</h4> <span class="prosition">Web Designer</span> <ul class="social-links"> <li><a href="#"><i class="fa fa-facebook"></i></a></li> <li><a href="#"><i class="fa fa-google-plus"></i></a></li> <li><a href="#"><i class="fa fa-linkedin"></i></a></li> <li><a href="#"><i class="fa fa-twitter"></i></a></li> </ul> </div> </div> </div> </div> </div> </section> <!--my team section end--> <div class="counter-section"> <!-- counter section start --> <div class="container"> <div class="row"> <div class="col-md-12 text-center text-uppercase"> <ul> <li> <div class="single-counter-item"> <div class="icon"> <img src="assets/img/project.png" alt="project done image"> </div> <span class="counter-number"> 2350 </span> <h4>Project Done</h4> </div> </li> <li> <div class="single-counter-item"> <div class="icon"> <img src="assets/img/like.png" alt="like image"> </div> <span class="counter-number"> 2350 </span> <h4>Happy Clients</h4> </div> </li> <li> <div class="single-counter-item"> <div class="icon"> <img src="assets/img/coffe-cup.png" alt=" coffe cup"> </div> <span class="counter-number"> 2350 </span> <h4>Cups Of Coffee</h4> </div> </li> <li> <div class="single-counter-item"> <div class="icon"> <img src="assets/img/photo-taken.png" alt=""> </div> <span class="counter-number"> 2350 </span> <h4>Photos Taken</h4> </div> </li> </ul> </div> </div> </div> </div><!-- counter section end --> <!--portfolio section start--> <section class="portfolio-area" id="work"> <div class="container"> <div class="row"> <div class="col-md-6 col-md-offset-3 text-center"> <div class="section-title main"> <h2>Some Of My Work</h2> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Voluptatem quas error modi quaerat sequi, debitis!</p> </div> </div> </div> <div class="row"> <div class="col-md-12 text-center"> <ul class="porfolio-menu"> <li>这是index.php源代码的部分关键代码
<?php include 'flag.php'; // 引入包含flag的文件，$flag变量在此文件中定义 $yds = "dog"; //变量$yds的初始值是dog $is = "cat"; // 初始化变量is，值为"cat" $handsome = 'yds'; // 初始化变量handsome，值为字符串"yds" foreach($_POST as $x => $y){ //遍历所有 POST 提交的参数，$x是参数名，$y是参数值 $$x = $y; //$$x表示 “变量名为$x的值的变量”。 } //如果 POST 提交yds=123，那么$x=yds，$y=123，执行$$x=$y等价于$yds=123，覆盖了原本的$yds="dog"。 foreach($_GET as $x => $y){ //遍历所有 GET 提交的参数，$x是参数名，$y是参数值 $$x = $$y; //$$y表示以$y的值为变量名的变量 } //假如，还是传入yds=123，那么$x=yds，$y=123,执行$$x = $$y等价于$yds=$123,这就可以将一个$123变量的值赋值给另一个变量 foreach($_GET as $x => $y){ //遍历所有 GET 提交的参数，$x是参数名，$y是参数值 if($_GET['flag'] === $x && $x !== 'flag'){ //GET 参数中flag的值等于当前遍历的参数名$x，当前参数名$x不是flag exit($handsome); //哪这个可以使用?flag=a&a=123,这样通过GET传入的参数值为a，当遍历到a=123时$x就为a,就会终止脚本并输出$handsome的值 } } if(!isset($_GET['flag']) && !isset($_POST['flag'])){ exit($yds); //如果 GET 和 POST 中都没有flag参数，执行exit($yds)，终止脚本并输出$yds的值 } //所以要传入至少一个flag if($_POST['flag'] === 'flag' || $_GET['flag'] === 'flag'){ exit($is); } //如果 POST 的flag值是flag，或者 GET 的flag值是flag，执行exit($is)，终止脚本并输出$is的值 //不能让flag参数的值等于flag，否则会被终止 echo "the flag is: ".$flag; //有绕过前面所有的条件判断，才会执行这行代码，输出$flag的值
方法1
输入?yds=flag
在第二个if中，要求不要通过GET或POST传入flag参数就会停止运行代码输出$yds,如果将$flag的值赋值给$yds，这样就会输出flag。而且foreach($_GET as $x => $y){$$x = $$y}通过GET传入的参数会被遍历一遍，$x=yds，$y=flag，这样经过$$x = $$y时就会变成$yds=$flag就是将$flag的值赋值给了$yds，所以输出来的$yds的值中带有flag
方法2
和方法1是一样的思路
is=flag&flag=flag
满足GET 的flag值是flag就会执行exit($is)，is=flag就会使$flag的值赋值给$is
方法3
handsome=flag&flag=handsome
if($_GET['flag'] === $x && $x !== 'flag')，如果传入?flag=a&a=123,这样通过GET传入的参数值为a，当遍历到a=123时$x就为a,那就是flag===a&a！==flag就会终止脚本并输出$handsome的值 ，然后在写handsome=flag，那就还可以写成handsome=flag&flag=a&a=123
考察的就是简单的变量覆盖。

[BJDCTF2020]Mark loves cat

方法1

方法2

方法3

Spring的异常处理机制详解

【谁懂啊！科研狗的降重血泪史谁能破？】

云徙科技：企业全链路AI解决方案赋能伙伴

【客户案例】某大型保险：CMDB纳管之后，如何管住存量盘活增量数据？

【课程设计/毕业设计】基于springboot的居民小区物业管理系统的设计与实现“物业办公 - 业主服务 - 数据监管” 三位一体的数字化架构【附源码、数据库、万字文档】

乐享云 v1.1.0| 不限速磁力下载，边下边播，内置字幕匹配