随笔分类 -  CTF之变量覆盖

ctfshow web133(变量覆盖+无回显命令执行dns_bp带外)
摘要:if($F = @$_GET['F']){ if(!preg_match('/system|nc|wget|exec|passthru|netcat/i', $F)){ eval(substr($F,0,6)); }else{ die("6个字母都还不够呀?!"); } } get传参 F=`$F 阅读全文
posted @ 2022-10-20 11:05 hithub 阅读(512) 评论(0) 推荐(0) 编辑
ctfshow web126($_SERVER['argv']的使用)
摘要:$a=$_SERVER['argv']; $c=$_POST['fun']; if(isset($_POST['CTF_SHOW'])&&isset($_POST['CTF_SHOW.COM'])&&!isset($_GET['fl0g'])){ if(!preg_match("/\\\\|\/|\ 阅读全文
posted @ 2022-10-19 16:57 hithub 阅读(340) 评论(0) 推荐(0) 编辑
ctfshow web111($$变量覆盖+PHP超全局变量)
摘要:function getFlag(&$v1,&$v2){ eval("$$v1 = &$$v2;"); var_dump($$v1); } if(isset($_GET['v1']) && isset($_GET['v2'])){ $v1 = $_GET['v1']; $v2 = $_GET['v2 阅读全文
posted @ 2022-10-18 11:52 hithub 阅读(135) 评论(0) 推荐(0) 编辑
ctfshow web105($$变量覆盖)
摘要:<?php /* # -*- coding: utf-8 -*- # @Author: Firebasky # @Date: 2020-09-16 11:25:09 # @Last Modified by: h1xa # @Last Modified time: 2020-09-28 22:34:0 阅读全文
posted @ 2022-10-17 20:39 hithub 阅读(143) 评论(0) 推荐(0) 编辑
ctfshow新手杯repairman(parse_str覆盖变量+传参数组)
摘要:首先get传递参数mode=0得到源码 Your mode is the guest!hello,the repairman! <?php error_reporting(0); session_start(); $config['secret'] = Array(); include 'confi 阅读全文
posted @ 2022-10-07 13:45 hithub 阅读(204) 评论(0) 推荐(0) 编辑

点击右上角即可分享
微信分享提示