Register first, then log in; the site says only the admin account gets the flag. Reading the page source shows that action.php?callback=getInfo returns the current user's csrftoken. The 御剑 (Yujian) directory scanner turned up something suspicious: requesting test.php returns E5xqqsvHoznsjlfDm5ryLg==. Request action.php?callback=getInfo, intercept it with a proxy and change username to E5xqqsvH…