2019-03-01から1ヶ月間の記事一覧
https://gameserver.zajebistyc.tf/admin/ Click the backup file and then we get php code. We think about several ways to bypass it. What we could know is we can post a cookie data named otadmin. To bypass the first "if " which contains regex…
Open Redirection Twitter Open Redirection https://twitter.com/teams/authorize?target_screen_name=&authorize_callback=//www.fb.com Description: This payload will redirect from twitter.com to www.fb.com XSS i='[url=javascript://%0aalert`1`] …
python a2sv.py -t [ip address] github.com
Information Security Blog/ ・English liveoverflow.com ・日本語 CTF web専門: https://graneed.hatenablog.com/entry/2018/12/16/003745 ・中文 www.cnblogs.com
www.youtube.com Payload: i='[url=javascript://%0aalert`1`] click me![/url]'
1. Game of Faces webpageにアクセスするとこんな感じです。 アクセスするごとに色が変わる三つのブロックでした。 ソースコードを確認します。 formタグが気になりますね。どうやらファイルアップロードのコンテンツがあります。 一見三つのブロックしかな…
1. strcmp bypass http://wargame.kr:8080/strcmp/ ソースコード(PHP) ... $password = sha1(md5(rand().file_get_contents("/var/lib/dummy_file")).rand()); if (isset($_GET['view-source'])) { show_source(__FILE__); exit(); }else if(isset($_POST['p…
php md5($a,true) bypass: fuzz1: 129581926211651571912466741651878684928 SQL Injection ↑ fuzz2: ffifdyop ↑ SQL Injection php md5(v1)==md5(v2) bypass: v1: 240610708 v2: QNKCDZO stackoverflow.com
nekose9.hatenablog.com
既知平文攻撃とは?What's the known-plaintext attack? Wikipedia definition: The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version…
TamuCTF was a 9 days long CTF, and many challenges are practical that we can use it in the real world. This is the fifth time I participate in the CTF, and personally I think that's easier than usual. I still need to learn more basic knowl…
www.youtube.com