$what=$_POST[‘what‘]; echo $what; if($what==‘flag‘) echo ‘flag{****}‘;
启动BurpSuite,进行抓包
改变请求头为POST,
what=flag,即可获得
BugkuCTF-WEB4
原文:https://www.cnblogs.com/yunhai666/p/14759338.html
