Author:颖奇L'Amore Blog:www.gem-love.com 比赛地址:https://2020.angstromctf.com/ WEB The Magic Word 考点:inspect element 打开之后是个单页面,查看元素发现如下代码: var msg = document.getElementById("magic"…
Author:颖奇L’Amore Blog:www.gem-love.com 第一天wp: https://www.gem-love.com/ctf/1669.html 第二天wp: https://www.gem-love.com/ctf/1782.html Flaskapp 考点:SSTI+Flask PIN 预备知识:Flask debug …
Author:颖奇L’Amore Blog:www.gem-love.com
第一天wp: https://www.gem-love.com/ctf/1669.html
第三天wp: https://www.gem-love.com/ctf/1785.html
blacklist 考点:堆叠注入+handler代替select 这题是强网杯随便注改的,但是另外ban掉了强网杯payload的RENAME和ALTER。 查表:1'; show tables;#