5xxxxx-y.github.io's People
5xxxxx-y.github.io's Issues
2021 ** Trade Union Preliminary Round (Set 2) CTF | 5x's blog
categories | 5x's blog
https://5xxxxx-y.github.io/categories/
Study hard and make progress every day
2023SCTF-pypyp? | > 5xxxxx
https://5xxxxx-y.github.io/Writeup/WEB/2023SCTF-pypyp/
pypyp? hint: a piece of cake but hard work. per 5 min restart. pay attention to /app/app.py. start_session: Session not started, so use PHP_SESSION_UPLOAD_PROGRESS to upload a Session. About PHP_SESSION_UPLOAD
The First | 5x's blog
2023ciscn-reading | > 5xxxxx
https://5xxxxx-y.github.io/Writeup/WEB/reading/?
reading. Description: .txt books can be read. Challenge source code: read the source through arbitrary file read. First try ../ directory traversal; it turns out that .. is replaced with . , so switch to …/ for directory traversal
php-cgi: obtaining the source code | 5x's blog
https://5xxxxx-y.github.io/php-cgi%E4%B9%8B%E8%8E%B7%E5%8F%96%E6%BA%90%E7%A0%81/
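php-cgi: obtaining the source code. Key points: information disclosure, CVE-2012-1823, code audit. Right-click to view the page source and find the hint under main.php. Regarding CVE-2012-1823, from https://www.freebuf.com/articles/web/213647.html we learn that -s can be used to obtain the source code. The other exploitation methods in that article were tried without success
tags | 5x's blog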
https://5xxxxx-y.github.io/tags/
Study hard and make progress every day
Getshell with a single popen function | 5x's blog
https://5xxxxx-y.github.io/Writeup/WEB/%E5%8D%95popen%E5%87%BD%E6%95%B0getshell/?
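Getshell with a single popen function. Key points: code audit, the popen function, reverse shell. Auditing the source shows that nothing is output after popen, so the result of the submitted command cannot be seen directly; we can therefore use a reverse shell to get RCE directly. <?php#Try to read /flagif(!isset($_GET['command'])&am
Notes on finding a file upload vulnerability in an edu site | > 5xxxxx
Notes on finding a file upload vulnerability in an edu site. Preface: this vulnerability has been reported to edusrc, and it has passed review and been fixed. Finding sites that allow registration: search engine syntax is typically used to find a target site's registration point: domain:xx && (body:”注册” || body:”register”). Vulnerability discovery: this site was found with that syntax; it is a graduate course application system. From experience, such sites usually have many upload features, such as avatars and résumés. Now register an account on this site, test account: xxxx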