(1) Open the link to the page; the challenge is as follows
(2) Decode the hint
dXNlcl9sb2dpbj0yMTIzMmYyOTdhNTdhNWE3NDM4OTRhMGU0YTgwMWZjMzsgcGFzc3dvcmQ9NGM3ODM4NDVkM2E0ODk0ZmFmYTNhMWJmOGE4ZDRlN2U7IGFzZGNhc2M7IFBIUFNFU1NJRD02bzA3Z3E1a2szOXE2NnI5NmFvMmQ4OWo3MDsgcGF0aD0v
user_login=21232f297a57a5a743894a0e4a801fc3; password=4c783845d3a4894fafa3a1bf8a8d4e7e; asdcasc; PHPSESSID=6o07gq5kk39q66r96ao2d89j70; path=/
(3) The decoded hint contains both path and PHPSESSID values, so we conclude that it is the value of the Cookie header field. We add it to the request to see whether it is accepted:
GET /login.php HTTP/1.1
Host: b73bef3389f1a266.yunyansec.com
Content-Length: 45
Cache-Control: max-age=0
Origin: http://b73bef3389f1a266.yunyansec.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://b73bef3389f1a266.yunyansec.com/index.html
Accept-Language: zh-CN,zh;q=0.9
cookie: user_login=21232f297a57a5a743894a0e4a801fc3; password=4c783845d3a4894fafa3a1bf8a8d4e7e; asdcasc; PHPSESSID=6o07gq5kk39q66r96ao2d89j70; path=/
Connection: close
At this point, nothing valuable turns up.
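An added example (not part of the original write-up): Python that decodes the hint from step (2) and separates the actual cookie pairs from Set-Cookie attributes such as path, which is the clue used in step (3). It also lists cookie values with the length and alphabet of a hex MD5 digest, the kind of client-side value a reviewer would flag. The function names are this example's own.

```python
import base64
import re

# Hint string copied from step (2) of the write-up.
HINT_B64 = (
    "dXNlcl9sb2dpbj0yMTIzMmYyOTdhNTdhNWE3NDM4OTRhMGU0YTgwMWZjMzsgcGFzc3dvcmQ9"
    "NGM3ODM4NDVkM2E0ODk0ZmFmYTNhMWJmOGE4ZDRlN2U7IGFzZGNhc2M7IFBIUFNFU1NJRD02"
    "bzA3Z3E1a2szOXE2NnI5NmFvMmQ4OWo3MDsgcGF0aD0v"
)

# Set-Cookie attribute names (RFC 6265, plus SameSite). They describe a
# cookie; they are not cookies themselves.
SET_COOKIE_ATTRS = {"path", "domain", "expires", "max-age",
                    "secure", "httponly", "samesite"}
DIGEST_RE = re.compile(r"[0-9a-f]{32}")  # shape of a hex MD5 digest


def decode_hint(b64: str) -> str:
    # validate=True rejects stray non-Base64 characters instead of skipping them.
    return base64.b64decode(b64, validate=True).decode("ascii")


def classify(cookie_text: str) -> dict:
    """Split 'a=b; c; path=/' into cookie pairs, attributes and bare tokens."""
    out = {"cookies": {}, "attributes": {}, "bare": []}
    for part in cookie_text.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if name.lower() in SET_COOKIE_ATTRS:
            out["attributes"][name.lower()] = value if sep else True
        elif sep:
            out["cookies"][name] = value
        else:
            out["bare"].append(name)  # token with no '=' at all
    return out


def digest_like(cookies: dict) -> list:
    """Names of cookies whose value looks like an unsalted hex digest."""
    return sorted(n for n, v in cookies.items() if DIGEST_RE.fullmatch(v))


if __name__ == "__main__":
    parts = classify(decode_hint(HINT_B64))
    print(parts)
    print("digest-like values:", digest_like(parts["cookies"]))
```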
(4) Scan the site's directories with a tool
Found a file
(5) Try to access it
Capture the request and replay it the same way as before, adding the cookie.
Got a
Takeaway: understanding the HTTP Cookie header field