海淀区网站建设,网站建设交付形式,浙江网商银行是正规银行吗,小创业公司网站怎么做题目描述
题目截图如下#xff1a;
进入场景看看#xff1a;
解题思路
你说啥就是啥#xff1a;去源代码吧
相关工具
URL解码平台#xff1a;https://www.iamwawa.cn/urldecode.html
解题步骤
随便输入试试 2. 看看源码 存在script#xff1a;
script
…题目描述
题目截图如下
进入场景看看
解题思路
你说啥就是啥去源代码吧
相关工具
URL解码平台https://www.iamwawa.cn/urldecode.html
解题步骤
随便输入试试 2. 看看源码 存在script
script
var p1 %66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62;
var p2 %61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b;
eval(unescape(p1) unescape(%35%34%61%61%32 p2));
/script这是要我解码分析的意思看这个样子是URL编码解码试试 p1
function checkSubmit(){var adocument.getElementById(password);if(undefined!typeof a){if(67d709b2bp2
aa648cf6e87a7114f1a.value)return!0;alert(Error);a.focus();return!1}}document.getElementById(levelQuest).onsubmitcheckSubmit;unescape
54aa2eval(unescape(p1) unescape(‘54aa2’ p2));的意思是 eval 是运算函数也就是将p1和54aa2以及p2拼接起来。 unescape 这是一个解密函数对应的就是escape加密函数
得到拼接后的代码如下js格式化
function checkSubmit() {var a document.getElementById(password);if (undefined ! typeof a) {if (67d709b2b54aa2aa648cf6e87a7114f1 a.value) return !0;alert(Error);a.focus();return !1}
}
document.getElementById(levelQuest).onsubmit checkSubmit;解释如下 在函数中首先通过 document.getElementById() 方法获取 id 为 “password” 的元素并将其赋值给变量 a。然后判断变量 a 是否被定义如果是未定义则执行以下操作 弹出一个警告框显示 “Error”。将焦点设置到变量 a 所指向的元素。返回 false表示验证失败。 如果变量 a 被定义进一步判断变量 a 的值是否等于 “67d709b2b54aa2aa648cf6e87a7114f1”如果是则表示验证通过返回 true表示可以提交表单。 最后通过 document.getElementById() 方法获取 id 为 “levelQuest” 的元素并将函数 checkSubmit() 赋值给其 onsubmit 事件这样当表单被提交时会调用函数 checkSubmit() 进行验证。 我们也可以直接使用在线js平台https://www.wetools.com/js-run
var p1 %66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62;
var p2 %61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b;
var p3 unescape(p1) unescape(%35%34%61%61%32 p2);
console.log(p3)看这里
if(67d709b2b54aa2aa648cf6e87a7114f1a.value)return!0;那不就直接复制输入67d709b2b54aa2aa648cf6e87a7114f1
得到Flag
flag{4c31de94d2e2a01c75f48b985181dba2}新知识点 有用的话请点赞收藏评论帮助更多的同学哦
