Bugku: Web
Web2
Firefox F12
Calculator
Use F12 to modify the length value of the input field.
Web basics $_GET
Following the challenge text, assign flag directly to the what parameter.
Web basics $_POST
Knowledge point: the difference between POST and GET.
Contradiction
The is_numeric() function detects whether a variable is a number or a numeric string. If the variable is a number or a numeric string it returns TRUE, otherwise it returns FALSE.
The following conditions must be met:
1. The PHP version is lower than 5.3.4
2. PHP's magic_quotes_gpc is in the OFF state
%00 truncation principle
The core of the truncation is chr(0). A word on this character: it is not empty (Null), nor the empty string (""), nor a space. When a program outputs a variable that contains chr(0), the data after chr(0) is cut off. In other words, chr(0) is mistaken for a terminator and the data after it is ignored, which gives rise to the vulnerability.
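The chr(0) behaviour described above, seen from the validation side, as an added example that is not part of the original notes. The sample values are constructed, and terminator_view, contains_nul, parse_id and resolve_name are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed sample: a value as it looks after "%00" has been URL-decoded.
$sample = "abc" . chr(0) . "def";

// What a consumer that treats NUL as a terminator keeps of the value.
function terminator_view(string $s): string
{
    $pos = strpos($s, "\0");
    return $pos === false ? $s : substr($s, 0, $pos);
}

// True if the value carries a NUL byte anywhere.
function contains_nul(string $s): bool
{
    return strpos($s, "\0") !== false;
}

// Strict ID parser (hypothetical helper): 1 to 9 ASCII digits, nothing else.
// \A and \z anchor to the real start and end, so NUL or newline bytes fail.
function parse_id(string $raw): ?int
{
    return preg_match('/\A[0-9]{1,9}\z/', $raw) === 1 ? (int) $raw : null;
}

// Hypothetical helper: accept a name only if it is NUL-free and allowlisted.
function resolve_name(string $name, array $allowed): ?string
{
    if (contains_nul($name)) {
        return null;
    }
    return in_array($name, $allowed, true) ? $name : null;
}

$nul = chr(0);
var_dump($nul === "", $nul === " ", strlen($nul));   // chr(0) vs. "" and a space
var_dump(strlen($sample), terminator_view($sample)); // full length vs. truncated view
var_dump(contains_nul($sample));                     // check to run before any file use
// Strict parsing next to is_numeric() on the same constructed inputs.
var_dump(parse_id("42"), parse_id("42" . chr(0)), parse_id("4e2"), is_numeric("4e2"));
var_dump(resolve_name("abc" . chr(0) . ".txt", ["abc"]), resolve_name("abc", ["abc"]));
```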
Web3
View the source code and decode the HTML at the bottom.
DNS
Modify the hosts file to specify how the domain name resolves; then you can visit the site.
You have to make him stop
Send the request to Burp (Bp) Repeater and click send several times at random; the flag is at 10.jpg.
Variable 1
Also a file-inclusion challenge. The hint says the flag is in a variable, and the vulnerable file uses $$, so just pass a global array variable to args. GLOBALS is a superglobal.
Web5
https://www.cnblogs.com/chianquan/p/5671474.html
Search Baidu for JSFUCK. F12 shows a large block of JSFUCK; copy the code into the console and it can be run.
First Class
Capture the request with Burp (Bp) and send it to Repeater (if there is no response, add a cookie).
Website was hacked
Scan for the backend with Sword (the Yujian scanner).
Brute-force the password with Burp Intruder; parameter settings: https://blog.csdn.net/u012804180/article/details/52015224
System Administrator