一、源码审计进入靶场,发现有一个表单和源码展示链接。先看源码,进行审计。include 'config.php'; // FLAG is defined in config.php if (preg_match('/config\.php\/*$/i', $_SERVER['PHP_SELF'])) { exit("I don't know what you are thinking, but I won't let you read it :)"); } if (isset($_GET['source'])) { highlight_file(basename($_SERVER['PHP_SELF'])); exit(); } //------------------分界线------------------ $secret = bin2hex(random_bytes(64)); if (isset($_POST['guess'])) { $guess = (string) $_POST['guess']; if (ha
一、简介XXE漏洞全称XML外部实体注入,需要有XML知识基础。XML主要用于数据传输与交换,有点类似于PHP的对象序列化,只不过这种更加简便且结构更加清晰。不过DTD的出现允许了XML文档调用外部文件,当网页程序没有对调用的XML文档进行检查时,可以导致的有任意文件读取、内网探测、系统命令执行。。下面是一个样例XML-DTD文件。<?xml version="1.0"?> <!DOCTYPE note [ <!ELEMENT note (to,from,heading,body)> <!ELEMENT to (#PCDATA)> <!ELEMENT from (#PCDATA)> <!ELEMENT heading (#PCDATA)> <!ELEMENT body (#PCDATA)> ]> <note> <to>Tove</to> <from>Jani</from> <heading>Reminder<
道格安全CTF-EZSSRF1. 代码审计进入靶场,我们发现一页PHP代码。<?php highlight_file(__FILE__); //find something in flag1.php <-- 提示1 $d = $_GET['d']; $file = $_GET['ctf']; if (filter_var($d, FILTER_VALIDATE_URL)) { $r = parse_url($d); if (isset($file)) { if (strpos($file, "lai") !== false && strpos($file, "ya") !== false) { @include($file . '.php');//解题点一 } else { die("Sorry, you can not pass"); } if (preg_matc
Equinox
一个乐于分享的网安人