Profile

i love cat

as3617

IJCTF 2021 Memory

https://gist.github.com/as3617/fa06307b5c1bcc002e3b646bfcc3500d
exploit code

 

IJCTF 2021 - memory writeup

IJCTF 2021 - memory writeup. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

  1. disabled_functions are except putenv, mail
  2. clean_up option for session is off
  3. When the UPLOAD_PROGRESS meets clean_up option as off that session file will have the path for the uploaded file.
  4. PHP clean tmp file at the last of execution.
    • So, if PHP gets crash, the tmp file will not be erased -> https://bugs.php.net/bug.php?id=80246
  5. upload dynamic library and get Reverse shell

Thanks to sqrtrev!!

'ctf writeup' 카테고리의 다른 글

corCTF 2021 - mathme writeup  (0) 2021.08.24
SSTF 2021 - poxe_center writeup  (0) 2021.08.17
0CTF/TCTF 2021 Quals - 1linephp [web]  (0) 2021.07.05
zh3r0 CTF v2 Web writeup  (1) 2021.06.06
m0leCon 2021 Teaser Writeup  (0) 2021.05.18