CTF
文章平均质量分 81
wywwzjj
Shell is the only beginning.
展开
-
命令注入总结
前往个人博客阅读,提升阅读体验https://wywwzjj.top/2019/05/12/命令注入绕过总结/直接执行代码PHP 中有不少可以直接执行代码的函数。eval();assert();system();exec();shell_exec();passthru();escapeshellcmd();pcntl_exec();preg_replace( ) 代码执行...原创 2019-05-21 09:28:48 · 1759 阅读 · 0 评论 -
新博客
前往个人博客以提升阅读体验新博客:https://wywwzjj.top/原创 2019-03-03 15:28:35 · 314 阅读 · 4 评论 -
Jarvis OJ inject(反引号注入)
http://web.jarvisoj.com:32794/index.php~得到源码<?php require("config.php"); $table = $_GET['table']?$_GET['table']:"test";原创 2019-02-22 16:35:39 · 846 阅读 · 0 评论 -
fireshell 2019 Vice(ssrf)
<?php //require_once 'config.php'; class SHITS{ private $url; private $method; private $addr; private $host; private $name; function __construct($method,$url){ $this->method =...原创 2019-01-30 13:52:46 · 361 阅读 · 0 评论 -
安恒杯 一月 web
babyGo<?php @error_reporting(1); include 'flag.php';class baby { protected $skyobj; public $aaa; public $bbb; function __construct() { $this->skyobj = new...原创 2019-01-30 13:36:57 · 710 阅读 · 1 评论 -
2017 NJCTF Web Guess
PHP 伪随机数安全问题原创 2018-12-30 20:14:06 · 1784 阅读 · 9 评论 -
Please don't stop rua 233333
原题网址<?phpclass Time{ public $flag = xxxxx; public $truepassword = xxxxx; public $time; public $password; public function construct($tt, $pp) { $this-&a原创 2018-12-08 18:09:27 · 734 阅读 · 0 评论 -
CTF Web题 部分WP
1.web2 听说聪明的人都能找到答案 http://123.206.87.240:8002/web2/ CTRL + u 查看源代码2.计算器 http://123.206.87.240:8002/yanzhengma/ 改一下字符输入长度的限制3.web基础$_GET http://123.206.87.240:8002/get/ ?var=val4.web基础$_P...原创 2018-11-26 14:27:34 · 128735 阅读 · 0 评论 -
Hackme Writeup
https://wywwzjj.top/2019/02/02/Hackme-Writeup/hide and seekCan you see me? I’m so close to you but you can’t see me.这题查看源码即可。guestbookThis guestbook sucks. sqlmap is your friend.既然提示有 sqlmap...原创 2019-05-21 09:35:33 · 11058 阅读 · 0 评论