RWCTF2022复现
RWCTF2022web复现 Hack into Skynet 这里是and,登录这里将username置为空就能绕过 def query_login_attempt(): username = flask.request.form.get('username', '') password = flask.r…
2021n1ctf两道web复现
2021n1ctf两道web复现 WEB Signin 源码 <?php //flag is /flag $path=$_POST['path']; $time=(isset($_GET['time'])) ? urldecode(date(file_get_contents('php://i…
2022TetCTF
2022TetCTF WEB 2X-Service 源码 import random import os from flask import Flask, render_template, render_template_string, url_for, redirect, request from flask_socketio import So…
2021hxpctf复现
2021hxpctf复现 摸鱼ing WEB unzipper 给了源码, <?php session_start() or die('session_start'); $_SESSION['sandbox'] ??= bin2hex(random_bytes(16)); $sandbox = …
2021hitconctf-web复现
2021hitconctf复现 WEB W3rmup PHP 脑洞题 <?php if (!isset($_GET['mail'])) highlight_file(__FILE__) && exit(); $mail = filter_var($_GET['mail'], FILTER…
SECCONCTF2021
SECCONCTF2021 WEB Vulnerabilities 题目给了dockerfile,但是跑不起来,反正有源码在本地搭就行了 代码很简单,前面就一个数据库的各种操作 package main import ( "log" "os" "github.com/gin-contrib/stat…
2021东软杯
2021东软杯wp WEB [签到] flag 解base [萌]odd_upload 本地搭环境,smarty模板注入,上传点可以上传至任意目录,上传覆盖即可 easy_inject ldap注入,爆用户名 import string,requests,sys url = "http://47.106.172.144:2333/&quo…
go爬虫+gin+gorm
go爬虫 访问页面获取页面内容, package main import ( "fmt" "io/ioutil" "log" "net/http" ) func main() { resp, err := http.Get("https://www.lenov…
2021安洵杯WEB复现
2021安洵杯WEB EZ_TP <?php namespace app\index\controller; use think\Controller; class Index extends controller { public function index() { return '<style type="te…
2021西湖论剑-WEB
灏妹的web 扫目录 /.idea/dataSources.xml访问 EasyTp 读文件 ?file=php://filter/convert.base64-encode/resource=../app/controller/Index.php <?php namespace app\controller; use app\BaseCon…