[NSSCTF 2nd]php签到
通过1.php/.来绕过waf即可
pathinfo解析的时候当成了1.php下的.文件,所以后缀为NULL,成功绕过,然后file_put_contents函数会处理成1.php
[NSSCTF 2nd]MyBox
非预期直接读file:///proc/1/environ
预期读/app/app.py得到源码
发现SSRF利用点,它是自定义的mybox协议,而不是gopher协议
但思路是一样的,将gopher的脚本改成mybox即可,反复发包,得到中间件的版本信息,Apache/2.4.49 (Unix)
搜索到CVE-2021-41773
将脚本里的数据包改成payload的样子,再反弹shell即可
[NSSCTF 2nd]MyHurricane
Tornado框架的模板注入,直接读文件即可
ssti={% include /proc/self/environ %}
[NSSCTF 2nd]MyJs
通过源码发现const user = jwt.verify(token, secret, {algorithm: "HS256"});
其中jwt中指定加密的算法应该是algorithms通过数组引入,而不是algorithm
相当于algorithms为空了,那么是允许空密匙的,而密匙是从全局数组serects中选择的,即serects[sid]
而且sid要求>=0和<数组的长度,为了是选择的密匙为空,我们可以传入[],在js的弱比较中,[]==0,成功绕过限制
然后是ejs模板引擎污染,直接用payload打即可
It's really a great and helpful piece of info. I'm glad that you
just shared this helpful information with us. Please stay us informed like this.
Thanks for sharing.
homepage
This is a topic that's near to my heart... Thank you!
Exactly where are your contact details though?
casino en ligne
You really make it seem really easy with your presentation however I
in finding this topic to be really something that I feel I
would by no means understand. It seems too complex and very extensive for me.
I'm taking a look ahead for your next publish, I will attempt to get the
dangle of it!
web site
I have read so many posts about the blogger lovers however this article is really a good article, keep it
up.
casino en ligne France
Hi, its nice paragraph concerning media print, we
all understand media is a fantastic source of
data.
web page
Thanks , I've recently been searching for info about this topic for a
long time and yours is the best I have came upon so far.
However, what in regards to the bottom line? Are you positive
about the source?
meilleur casino en ligne
This is very interesting, You are a very skilled blogger.
I've joined your feed and look forward to seeking more
of your magnificent post. Also, I've shared your site in my social
networks!
meilleur casino en ligne
My partner and I stumbled over here different web page and
thought I might as well check things out. I like what I see so now i'm following you.
Look forward to finding out about your web page for a second time.
meilleur casino en ligne
Howdy! Quick question that's totally off topic.
Do you know how to make your site mobile friendly? My
site looks weird when viewing from my apple iphone. I'm trying
to find a template or plugin that might be able to fix this issue.
If you have any recommendations, please share. Many thanks!
casino en ligne
Actually no matter if someone doesn't be aware of after that its
up to other users that they will assist, so here it occurs.
web site
homepage 昨天
Heya i am for the first time here. I came across this
board and I find It truly useful & it helped me out much.
I hope to give something back and help others like
you aided me.
casino en ligne
I've read some good stuff here. Certainly worth bookmarking for revisiting.
I surprise how a lot attempt you place to create any such excellent informative site.
casino en ligne
I'm no longer positive the place you're getting your info, however good topic.
I must spend a while finding out more or understanding more.
Thank you for fantastic information I used to be looking for this information for my mission.
homepage
I have to thank you for the efforts you have put in penning this website.
I really hope to view the same high-grade content by you in the future as well.
In truth, your creative writing abilities has
inspired me to get my own, personal website now ;)
casino en ligne France
Wow, amazing weblog format! How long have you been blogging for?
you made blogging glance easy. The total glance
of your website is wonderful, let alone the content!
casino en ligne fiable
Its like you read my thoughts! You seem to grasp so much about this, like you wrote the ebook in it
or something. I think that you just can do with some %
to force the message home a bit, but other than that, this is great blog.
A fantastic read. I'll certainly be back.
casino en ligne France
I enjoy what you guys tend to be up too. This type of clever work
and exposure! Keep up the fantastic works guys
I've included you guys to my blogroll.
webpage
Heya i am for the primary time here. I came across this board and
I to find It truly helpful & it helped me out much. I am
hoping to present one thing back and aid others such as you aided me.
casino en ligne francais
Wonderful blog! I found it while browsing on Yahoo News. Do you have any suggestions on how to get listed in Yahoo News?
I've been trying for a while but I never seem to get there!
Thank you
homepage
Hey! I realize this is sort of off-topic but I had to ask.
Does building a well-established blog such as yours take
a large amount of work? I am brand new to writing a blog but
I do write in my diary every day. I'd like to start a blog so I can share my own experience and views online.
Please let me know if you have any kind of suggestions or tips for brand new aspiring blog owners.
Appreciate it!
meilleur casino en ligne
casino en ligne 昨天
Inventonslemondedapres : l'expertise à votre service pour sélectionner des casinos
en ligne aux catalogues de jeux impressionnants.
inventonslemondedapres 6 天前