攻防世界32-easyphp-CTFWeb
攻防世界32-easyphp-CTFWeb1234567891011121314151617181920212223242526272829303132333435363738394041<?phphighlight_file(__FILE__);$key1 = 0;$key2 = 0;$a = $_GET['a'];$b = $_GET['b'];if(isset($a) && intval($a) > 6000000 && strlen($a) <= 3){ if(isset($b) && '8b184b' === substr(md5($b),-6,6)){ $key1 = 1; }else{ die("Emmm...再想想"); }}else{ ...
攻防世界33-lottery-CTFWeb
攻防世界33-lottery-CTFWeb 规则就是2个相同的数字赢5块…. flag是要9990000买到的,初始账户只有20,买一次2块 先注册 看看源码试试 源码中api.php里有buy方法 我么发现了随机生成的win_number[i]呵numbers[i]是弱比较,能不能绕过呢? 如果是输入true肯定跟1,2是==的 抓包看看 改成这 刷钱就行买到了
攻防世界34-shrine-CTFWeb
攻防世界34-shrine-CTFWeb123456789101112131415161718192021222324252627import flaskimport osapp = flask.Flask(__name__)app.config['FLAG'] = os.environ.pop('FLAG')@app.route('/')def index(): return open(__file__).read()@app.route('/shrine/<path:shrine>')def shrine(shrine): def safe_jinja(s): s = s.replace('(', '').replace(')', '') blacklist = ['config', 'self'] return...
