打开后提示“看看源代码?”
打开源代码后发现这个代码——
1 | var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62'; |
url解码后为——
1 | var p1 = 'function checkSubmit(){var a=document.getElementById("password");if("undefined"!=typeof a){if("67d709b2b'; |
unescape()的作用是解码
拼接后就是——
1 | eval( |
简单来说就是传值若等于67d709b2b54aa2aa648cf6e87a7114f1,就返回flag
然后输进去就得到flag