-
https://websec.space/2022/02/15/ctfshow%20php%E7%9A%84%E7%89%B9%E6%80%A7/
ctfshow PHP features: web89
-
I just sent this via email to contact@effective-altruism.com before I noticed the GitHub project. Not technically an issue with the code, but still an important security bug with the site.
please i…
-
https://websec.space/2022/02/06/ctfshow%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB/
ctfshow file inclusion: web78
-
```
Instead of having an issue I want to give you some new ideas.
As you probably know there are many ways of file inclusion. Though not everyone
knows some neat tricks if %00 isn't working. A few of t…
```
-
https://websec.space/2022/01/29/ctfshow%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/
ctfshow command execution: web29. Command execution requires strict filtering.
-
https://websec.space/2022/03/31/suctf%20web/
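[suctf web] upgdstore: Testing shows that phpinfo is not disabled. There is a WAF; after finding a way to get the source of index.php, it turns out that a lot is filtered. The file-inclusion functions are filtered, and highlight_file is gone too. Two methods are written up below. 1. Use an encoding function: base64 or rot13 both work, to trigger ()(); payloa…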
-
Reported by kits_. If the login session expires during an attempt, the user is forced to abandon the attempt.
-
https://websec.space/2022/02/14/%5BVNCTF%20InterestingPHP%5D/
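[VNCTF InterestingPHP] I have been doing a lot of PHP challenges lately. On the day of the competition I thought about this one a lot but still did not solve it; today I read the official writeup and am recording it here. The simpler the code, the more restrictions are hidden out of sight: sure enough, system is banned, and even phpinfo() is banned. First, list the files in the current directory: p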