In Web 200, The site contains the login form for get ID and PS. ID is the IP-adress.
We can get the source code of Web site.
View the source code: login_ok.php login.php opt_util.php
ID is local IP-address, PS is password which we need to input.
otp_utill contains a function.
Login audit process is through the “strcmp” judgment is consistent, and then judge whether the IP is 127.0.0.1. then get the flag.
strcmp(str, array) == 0
I modified the parameters(ID=127.0.0.1 ps=adrian),and then submit。
bingo！！！Get the flag！！！