Recurrence and analysis of yii2 deserialization vulnerability

Environment construction: The vulnerability is in versions before yii2.0.38. Download version 2.0.37 basic: https://github.com/yiisoft/yii2/releases/tag/2.0.37 Modify the value of the /config/web file. Enter php yii serve in the current directory to start. Reproduction: Construct the deserialization entry first. Create a new contro ...

Posted by claypots on Mon, 29 Nov 2021 07:48:07 -0800

Ctfshow web getting started - command execution

web29 The source code is: <?php /* # -*- coding: utf-8 -*- # @Author: h1xa # @Date: 2020-09-04 00:12:34 # @Last Modified by: h1xa # @Last Modified time: 2020-09-04 00:26:48 # @email: h1xa@ctfer.com # @link: https://ctfer.com */ error_reporting(0); if(isset($_GET['c'])){ $c = $_GET['c']; if(!preg_match("/flag/i", $c)){ ...

Posted by designxperts on Fri, 12 Nov 2021 11:56:51 -0800

2021 CNSS WEB part WP

Web Signin: At the beginning, the page shows "Please Change Your Method!". The source code can be obtained by changing the request method to POST in the captured packet: <?php error_reporting(0); require_once("flag.php"); if($_SERVER['REQUEST_METHOD'] !=='POST'){ die("Please Change Your Method!"); exit(); }else{ if(!isset($_POST["CNSS"])){ s ...

Posted by hstraf on Thu, 04 Nov 2021 15:14:43 -0700

From a CTF question to HTTP request smuggling attack

Preface: Recently, I found an interesting CTF question I did before replying. The idea is to use the PHP string parsing feature as a bypass, but this problem is far more than that. There is another solution: an HTTP request smuggling attack. RoarCTF 2019 Easy Calc: Look at the source code first: <?php error_reporting(0); if(!isset($_GET['num'])) ...

Posted by redzzzon on Tue, 02 Nov 2021 19:44:03 -0700

2021 "Green League Cup" Chongqing University Student Information Security Competition - Light1ng team Writeup

For other directions, please refer to the pdf: https://wws.lanzoui.com/iWk1ovo0eaj Password: Le1a Misc Misc1: check in 1 The title gives a base64-encoded string. Decoded flag: flag{c54ce9d7b4e17980dd4906d9941ed52a} Misc2: ...

Posted by sykowizard on Sat, 23 Oct 2021 00:28:09 -0700

[CISCN2019 finals Day2 Web1]Easyweb1

1, Foreword In previous articles, I mentioned that I have been doing things related to sql injection recently, and I have also been doing problems related to sql injection. However, in fact, many competition questions have different test sites. They often need to combine other knowledge to get the desired results. The following question is the ...

Posted by Magestic on Fri, 22 Oct 2021 01:59:09 -0700

[wangdingbei 2020 rosefinch group]

Subject link: https://buuoj.cn/challenges#[%E7%BD%91%E9%BC%8E%E6%9D%AF%202020%20%E6%9C%B1%E9%9B%80%E7%BB%84]phpweb Answer: 1. Open the web page, a picture and a pair of English will appear. First, press F12 to view the source code. If there is a form and it is submitted by POST, then packet capture analysis is required. 2. There are two para ...

Posted by brokenshadows on Mon, 18 Oct 2021 19:57:21 -0700

[0CTF 2016]piapiapia BUUCTF detailed writeup

Basic knowledge: the character-escape principle of PHP deserialization. Problem-solving ideas, payload: /www.zip The source code is leaked and can be downloaded directly. config.php: Open config.php and you can see that the flag may be stored here. Visit /register.php, register an account casually, log in and find that you have jumped t ...

Posted by atl_andy on Wed, 13 Oct 2021 10:59:25 -0700

2021 Hecheng cup pwn part wp

littleof: a ret2libc given for nothing. The first output leaks the canary, and the second output leaks the base address of libc. Along the way, control the return address, then return to the input, and then get a shell (stall) #!/usr/bin/env python #coding=utf-8 from pwn import* sh = remote("182.116.62.85", 27056) #sh = process('./littleof') el ...

Posted by JD^ on Sat, 09 Oct 2021 10:51:06 -0700

"CTF Web replication" BUUCTF-[EIS 2019]EzPOP

Utilization point base64 + filter protocol bypasses death exit Source code <?php error_reporting(0); class A { protected $store; protected $key; protected $expire; public function __construct($store, $key = 'flysystem', $expire = null) { $this->key = $key; $this->store = $store; $this ...

Posted by greenie2600 on Thu, 07 Oct 2021 08:22:52 -0700