

【Root-Me】 HTTP - verb tampering
source link: https://exp-blog.com/safe/ctf/rootme/web-server/http-verb-tampering/
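The challenge title already gives the hint: HTTP verb tampering. In other words, different HTTP verbs may give access to different resources.
Open the page in Burp Suite -> Repeater and change the verb of the HTTP request (originally GET) to any one of OPTIONS, PUT or DELETE; each of them returns the password and completes the challenge.
Note: Burp Suite shows that the page follows the HTTP/1.1 specification, which supports 8 verbs: GET, HEAD, POST, OPTIONS, PUT, DELETE, TRACE and CONNECT. Just try them one by one.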
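Added example (not part of the original write-up): a small model of why changing the verb can skip a check, with an access rule that only names certain verbs next to a deny-by-default rule, evaluated over the eight HTTP/1.1 verbs listed above. The policy sets and function names are constructed for illustration and are an assumption about this class of flaw, not the challenge server's actual configuration.

```python
# Added illustration: a method-scoped auth rule (assumed cause, not taken
# from the challenge server) compared with a deny-by-default replacement.
HTTP11_METHODS = ["GET", "HEAD", "POST", "OPTIONS",
                  "PUT", "DELETE", "TRACE", "CONNECT"]

# Weak: authentication is demanded only for the verbs named in the rule.
WEAK_PROTECTED = {"GET", "POST"}            # constructed sample policy

# Hardened: explicit allow-list of verbs the resource implements; every
# allowed verb is authenticated and every other verb is rejected.
HARDENED_ALLOWED = {"GET", "HEAD", "POST"}  # constructed sample policy


def weak_check(method: str, authenticated: bool) -> int:
    """Return the HTTP status a method-scoped rule would produce."""
    if method.upper() in WEAK_PROTECTED and not authenticated:
        return 401
    return 200  # any unlisted verb falls through to the protected content


def hardened_check(method: str, authenticated: bool) -> int:
    """Deny by default: unlisted verb -> 405, listed verb without auth -> 401."""
    if method.upper() not in HARDENED_ALLOWED:
        return 405
    if not authenticated:
        return 401
    return 200


def audit(check) -> dict:
    """Status per HTTP/1.1 verb for an unauthenticated client."""
    return {m: check(m, authenticated=False) for m in HTTP11_METHODS}


def exposed_methods(check) -> list:
    """Verbs that return content without credentials (should be empty)."""
    return [m for m, status in audit(check).items() if status == 200]


if __name__ == "__main__":
    for name, check in (("weak", weak_check), ("hardened", hardened_check)):
        print(name, audit(check), "exposed:", exposed_methods(check))
```

The same per-verb audit is a useful regression check for a real deployment: any verb that answers 200 without credentials on a protected path is a finding.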

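Flag: the downloaded flagzip file needs its extension changed manually to *.zip before it can be extracted (this is to discourage copying the answer directly).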