XCTF Cat

Others 2020-04-04 03:54:59 views: null

A. Into the test environment

　　Tip 1. After we enter into the domain: try to enter baidu.com, but no response

　　

　　2. enter 127.0.0.1, show the results of a ping, the pipe may be used to guess whether the command.

　　

　　Enter 127.000.1 | ls, really useless, guess should be filtered.

　　According Gangster approach:

　　3. Enter @ found not filtered.

　　 Try to enter the url of the wide character, such as%bf,返回一堆代码，应该是报错的信息。

　　

　　So much so read on the code does not work, we will save it as a suffix to the .html file, and then open it

　　

　　The same will return code, save it to html and then open the inside:

　　

　　

　　You can find some sensitive information and database-related, where we can @read the contents of the documents, we construct @ / opt / api / database.sqlite3, get flag.

　　

Guess you like

Origin www.cnblogs.com/darklee/p/12630108.html

XCTF Cat

XCTF Web exercises CAT writeup title

XCTF Web упражнения название CAT рецензия

XCTF rebounds

XCTF cookie

xctf - forgot

XCTF logmein

XCTF warmup

XCTF supersqli

XCTF EasyRE

Cat cat rushes forward

XCTF (app2)

XCTF Web msf

XCTF-web2

XCTF get_post

XCTF warmup write up

XCTF web2

xctf-web supersqli

XCTF ics-04

XCTF crypto is not just Mors

XCTF Guess-the-Number

XCTF-meinialize3

XCTF-easytornado

2021 XCTF Guesskey

xctf_Robots

xctf_Backup

xctf_Baby_web

XCTF Web Registration (unagi)

XCTF Web Record (bug)

XCTF Web Record (FlatScience)

Recommended

The sixth meeting of openKylin Community Ecology Committee was successfully held

Alibaba Cloud officially releases Tongyi Qianwen 2.5

Python 3.13 releases first Beta: experimental free-threading mode and JIT, improved interactive interpreter

Stack Overflow used my code to train large AI models and banned my account.

Pop!_OS’s COSMIC desktop completes App Store listing

Report: Django is still the first choice for 74% of developers

"Internet Investment and Financing Operation in the First Quarter of 2024" Research Report

15 years ago, he was on the "FFmpeg pillar of shame", and today he still has to thank us - Tencent QQPlayer avenges its shame?

Ranking

Python handwritten digit recognition, the corresponding mathematical formulas and Detailed procedures

Der M-Chip-Mac implementiert mehrere Android-Emulatoren

CentOS 명령줄 모드에서 화면이 항상 켜져 있도록 설정 ---- 예상한 효과를 얻지 못했습니다.

Teach you step by step how to use GDB to debug programs: a comprehensive guide from entry to mastery

python3 pip ipython installation

A lot of python crawler source code sharing -- talk about the little thing about python crawler

Agile Sprint in Alpha Stage (7)

Access URL in Unity

FunctoinDemo form

MS SQL common SQL statements (6): create, modify, delete triggers and other operations sq

Daily

More

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)