https://gist.github.com/as3617/fa06307b5c1bcc002e3b646bfcc3500d
exploit code
IJCTF 2021 - memory writeup
IJCTF 2021 - memory writeup. GitHub Gist: instantly share code, notes, and snippets.
gist.github.com
- disabled_functions are except putenv, mail
- clean_up option for session is off
- When the UPLOAD_PROGRESS meets clean_up option as off that session file will have the path for the uploaded file.
- PHP clean tmp file at the last of execution.
- So, if PHP gets crash, the tmp file will not be erased ->
https://bugs.php.net/bug.php?id=80246
- So, if PHP gets crash, the tmp file will not be erased ->
- upload dynamic library and get Reverse shell
Thanks to sqrtrev!!
'ctf writeup' 카테고리의 다른 글
| corCTF 2021 - mathme writeup (0) | 2021.08.24 |
|---|---|
| SSTF 2021 - poxe_center writeup (0) | 2021.08.17 |
| Google CTF 2021 - LETSCHAT [web] (4) | 2021.07.19 |
| 0CTF/TCTF 2021 Quals - 1linephp [web] (0) | 2021.07.05 |
| zh3r0 CTF v2 Web writeup (1) | 2021.06.06 |