i love cat
as3617
Real World CTF 4th - web writeup
대회가 끝나고 나서 바로 놀러가서 이제야 라업을 올린다. Hack into skynet #!/usr/bin/env python3 import flask import psycopg2 import datetime import hashlib from skynet import Skynet app = flask.Flask(__name__, static_url_path='') skynet = Skynet() def skynet_detect(): req = { 'method': flask.request.method, 'path': flask.request.full_path, 'host': flask.request.headers.get('host'), 'content_type': flask.request.headers..
Log4j2 vulnerability analysis
보호되어 있는 글입니다.
m0leconCTF 2021 final web writeup
I'm sorry for writing only the exploit and scenario because I don't have enough time. filesharing #scenario 1. upload javascript file 2. share admin 3. xss in /play 4. bypass csp via error page 5 inject script into error pageexploit.js a = window.open('/' + 'x'.repeat(4100)); setTimeout(function() { a.document.body.innerHTML = ``; }, 1000);" payload https://filesharing.m0..
HK CERT CTF 2021 writeup - WEB
Squirrel Community 1 http://chalf.hkcert21.pwnable.hk:28062/chat/user?id=323079825'sql injection이 터진다. http://chalf.hkcert21.pwnable.hk:28062/chat/user?id=3230%20or%201where 뒤를 true로 만들면 플래그를 얻을 수 있다. FLAG : hkcert21{squirrels-or-1-or-2-or-3-and-you}babyxss 그냥 xss하면 된다. FLAG : hkcert21{zOMG_MY_KEYBOARD_IS_BROKEN_CANNOT_TURN_OFF_CAPSLOCK111111111}babyuxss bot url만 준다. javascript scheme 쓰면 된다...
CyberGuardians CTF all writeup
보호되어 있는 글입니다.
Hack.lu CTF 2021 - web writeup
bookmarker payload trading_api payload payload : ||(select%20flag%20from%20flag)|| nodenb race condition create note with random=1 and immediately post /deleteme then access /notes/flag diamondsafe public static function prepare($query, $args){ if (is_null($query)){ return; } if (strpos($query, '%') === false){ error('%s not included in query!'); return; } // get args $args = func_get_args(); ar..
asis ctf 2021 - web writeup
ASCII art as a service jpg파일이 있는 url을 넘겨주면 ascii art로 변환해서 보여주는 사이트다. 코드를 확인해보면 setTimeout(()=>{ try{ const output = childProcess.execFileSync("timeout",["2","jp2a",...url]) fs.writeFileSync(outputFileName,output.toString()) fs.writeFileSync(reqFileName,[reqToken,req.session.id,outputFileName].join('|')) } catch(e){ fs.writeFileSync(reqFileName,[reqToken,req.session.id,"Something bad happened!"]..
2021 Whitehat Contest Finals web writeup
보호되어 있는 글입니다.