The vulnerability affects versions before Yii 2.0.38. Download the 2.0.37 basic version.
Modify the value in the /config/web file.
Run php yii serve in the current directory to start it.
Construct the deserialization entry first
Create a new contro ...
Posted by claypots on Mon, 29 Nov 2021 07:48:07 -0800
At the beginning, the page shows "Please Change Your Method!". The source code can be obtained by changing the request method to POST in the captured packet.
die("Please Change Your Method!");
Posted by hstraf on Thu, 04 Nov 2021 15:14:43 -0700
Recently, I found an interesting CTF question I did before replying. The idea is to use the PHP string parsing feature as a bypass, but there is far more to this problem than that. There is another solution: an HTTP request smuggling attack.
RoarCTF 2019 Easy Calc
Look at the source code first:
Posted by redzzzon on Tue, 02 Nov 2021 19:44:03 -0700
2021 "Green League Cup" Chongqing University Student Information Security Competition - Light1ng team Writeup
For other directions, please refer to the PDF: https://wws.lanzoui.com/iWk1ovo0eaj Password: Le1a
Misc1: check in 1
The challenge gives a base64-encoded string
Posted by sykowizard on Sat, 23 Oct 2021 00:28:09 -0700
In previous articles, I mentioned that I have been doing things related to sql injection recently, and I have also been doing problems related to sql injection. However, in fact, many competition questions have different test sites. They often need to combine other knowledge to get the desired results. The following question is the ...
Posted by Magestic on Fri, 22 Oct 2021 01:59:09 -0700
1. Open the web page; a picture and a pair of English lines will appear. First, press F12 to view the source code. If there is a form and it is submitted by POST, then packet capture analysis is required
2. There are two para ...
Posted by brokenshadows on Mon, 18 Oct 2021 19:57:21 -0700
Principle of PHP deserialization character escape
Problem solving ideas
The source code is leaked and can be downloaded directly
Open config.php and you can see that the flag may be stored here
Visit /register.php, register any account, log in and find that you have jumped t ...
Posted by atl_andy on Wed, 13 Oct 2021 10:59:25 -0700
A freebie ret2libc. The first output leaks the canary, and the second output leaks the libc base address. Along the way, control the return address, return to the input, and then get a shell (stall)
from pwn import *
sh = remote("184.108.40.206", 27056)
#sh = process('./littleof')