- 2024-07-31 [HITCON 2017]SSRFme 1
Contents: Code audit; the @ symbol; the shell_exec() function: ; GET ".escapeshellarg($_GET["url"]): ; pathinfo($_GET["filename"] ; basename(); Challenge analysis. Code audit 118.182.186.90 <?php if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){$http_x_headers=explod
- 2024-06-11 [HITCON 2017]SSRFme
[HITCON2017]SSRFme Opening the environment, it is a code audit <?php if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){$http_x_headers=explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);$_SERVER['REMOTE_ADDR']=$http_x_headers[
- 2022-12-01 HITCON-meow_way
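A Heaven's Gate challenge, though it can actually be solved without Heaven's Gate. First check for a packer: 32-bit, not packed. Load it straight into IDA for analysis. It first reads the flag and checks the length, then encrypts each character, and finally performs the check. Stepping into the function, it turns out to be a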
- 2022-11-04 sleepyHolder_hitcon_2016
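sleepyHolder_hitcon_2016 I only opened this blog today, and everyone is welcome to visit >_< As it happens, I only just finished a challenge about unlink today (I learned it only a few months ago; because I am too much of a beginner, and on top of that had not learned the stack well, after learning it I went on to do stack challenges, and as it happens zikh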
- 2022-08-27 2015 HITCON BabyFirst - Reproduction
Solution process: Code analysis <?php $dir='sandbox/'.$_SERVER['REMOTE_ADDR'];if(!file_exists($dir))mkdir($dir,recursive:true);chdir($dir);$args=$_GET['a