Summary: This also involves HTML; anyway, inspect the source code of this website first. We got the hint to continue. It's probably the correct password.
posted @ 2021-08-27 17:27 _4_FUN Views (25) Comments (0) Recommendations (0)
Summary: The key point is that the above description within the red rectangle means there is no password file to compare with the password you entered. So just clic
posted @ 2021-08-26 14:27 _4_FUN Views (24) Comments (0) Recommendations (0)
Summary: This is something about HTML called 'The Idiot Test'. I don't know what it is; anyway, inspect the source code of this website. Okay, well, we got the
posted @ 2021-08-25 23:52 _4_FUN Views (29) Comments (0) Recommendations (0)
Summary: It involves file inclusion. I wanna use the php:// protocol, but then I notice 'php' is filtered. Therefore, I prepare to use another method -- Log Penetra
posted @ 2021-08-24 22:57 _4_FUN Views (77) Comments (0) Recommendations (0)
Summary: We need to decode this MD5 string. Just find any MD5-decoding website and decode it. The link to the website above is: https://www.somd5.com/
posted @ 2021-08-23 12:28 _4_FUN Views (38) Comments (0) Recommendations (0)
Summary: All the methods we used are invalid, and notice that ';' is not matched. But we still cannot use passthru() because '(' is filtered. It is a little bit co
posted @ 2021-08-22 16:19 _4_FUN Views (32) Comments (0) Recommendations (0)
Summary: In 萌新web13, I introduced a new method for solving this kind of question. And luckily, it still works here.
posted @ 2021-08-21 16:23 _4_FUN Views (24) Comments (0) Recommendations (0)
Summary: We can't even use ';' to execute the passthru() function. Excluding those PHP functions that we know can execute Linux commands, how to do this? Actuall
posted @ 2021-08-20 21:02 _4_FUN Views (31) Comments (0) Recommendations (0)
Summary: Although we can still use passthru() to execute commands, we cannot specify 'config.php' to be inspected. Even though we all know that the flag is
posted @ 2021-08-19 21:24 _4_FUN Views (27) Comments (0) Recommendations (0)
Summary: Anyway, this regular-expression constraint cannot stop us from penetrating. We just use the same payload as in web10.
posted @ 2021-08-18 19:53 _4_FUN Views (21) Comments (0) Recommendations (0)