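Seeing the "local access only" message, the natural first idea is to set X-Forwarded-For to 127.0.0.1 and click login, but the page still says that only local access is allowed. Next we capture the traffic and modify the POST request sent at login, adding an X-Forwarded-For header with the value 127.0.0.1:

    X-Forwarded-For:127.0.0.1

This returns the flag.

http://yoursite.com/2024/12/10/BUU BURP COURSE 1 1/
Author: John Doe
Posted on December 10, 2024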
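The header works because the server takes the client's word for its own address. The following is an added example, not code from the challenge or the original post: it puts a check that trusts X-Forwarded-For beside one that only honours the header when the socket peer is a known reverse proxy. The function names, the proxy address 10.0.0.5 and the sample requests are assumptions constructed for illustration, and the proxy is assumed to append the connecting address to the header.

```python
import ipaddress

# Assumption: the only reverse proxy allowed to set X-Forwarded-For (constructed value).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def naive_is_local(peer_ip, headers):
    """Weak check: believes whatever the client puts in X-Forwarded-For."""
    claimed = headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()
    return claimed == "127.0.0.1"


def client_ip(peer_ip, headers):
    """Resolve the client address, honouring X-Forwarded-For only from trusted proxies."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        return peer  # direct connection: the header is client-controlled, ignore it
    # Walk the chain right to left; the first hop that is not our proxy is the client.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry: fall back to the socket peer
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer


def hardened_is_local(peer_ip, headers):
    """Local-only gate based on the resolved address, not on the raw header."""
    return client_ip(peer_ip, headers).is_loopback


# Constructed sample requests: (socket peer address, request headers).
SAMPLES = [
    ("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"}),            # header set by client, direct
    ("10.0.0.5", {"X-Forwarded-For": "127.0.0.1, 203.0.113.7"}),  # same header, via the proxy
    ("127.0.0.1", {}),                                            # genuine local request
]


def compare():
    """Return (naive, hardened) decisions for each constructed sample."""
    return [(naive_is_local(p, h), hardened_is_local(p, h)) for p, h in SAMPLES]
```

For a page that must be reachable only from the host itself, the simplest gate is the socket peer address alone, with no header consulted at all.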