https:///challenges#[RoarCTF%202019]Easy%20Java![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/188a5f5c-be3b-4914-b355-a3069fb56d1a.png "BUUCTF:[RoarCTF 2019]Easy Java")
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/05f64a2d-4838-4c37-8a24-d86236428ad9.png "BUUCTF:[RoarCTF 2019]Easy Java")
登录框弱密码admin/admin888即可登录
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/ba6cc80c-3853-4f55-801f-df1e0a54fa10.png "BUUCTF:[RoarCTF 2019]Easy Java")
返回登录框,在下面有个help按钮
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/fa39dc36-f152-441f-a1f1-77f6cf06f9c3.png "BUUCTF:[RoarCTF 2019]Easy Java")
GET传参无果,尝试修改传参方式为POST
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/d3d97a8f-4f3c-439b-9eea-f0a3e23dac69.png "BUUCTF:[RoarCTF 2019]Easy Java")
下载下来并无flag
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/71147293-711d-479d-a8ff-8c68eca50765.png "BUUCTF:[RoarCTF 2019]Easy Java")
查看是否存在WEB-INF/web.xml泄露
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/e1022549-5d55-413f-9be4-bb57f934e02b.png "BUUCTF:[RoarCTF 2019]Easy Java")
明显存在,可以读取到网站源码
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/1c8c4224-b061-4216-95a2-8fec87028246.png "BUUCTF:[RoarCTF 2019]Easy Java")
读取FlagController.class
filename=WEB-INF/classes/com/wm/ctf/FlagController.class![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/0d5fd415-dccb-4291-84c6-2f4a3b1f458d.png "BUUCTF:[RoarCTF 2019]Easy Java")
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/c60179ff-00da-4b62-9cf1-5449ca93d697.png "BUUCTF:[RoarCTF 2019]Easy Java")
![BUUCTF:[RoarCTF 2019]Easy Java](http://dev-img.mos.moduyun.com/20240419/60e29b1c-8745-4860-abfb-a0a7592d41ca.png "BUUCTF:[RoarCTF 2019]Easy Java")
PS C:\Users\Administrator> php -r "var_dump(base64_decode('ZmxhZ3tlMDA4NTdjYi1kODdhLTQ5OWMtYTcwYy00NjJlODBmZmEwOTh9Cg=='));"
string(43) "flag{e00857cb-d87a-499c-a70c-462e80ffa098}"