Summary: Compared with 萌新web10, the condition in if() is inverted, which means we cannot use those three functions. To execute shell commands, we can [Read more]
posted @ 2021-08-17 22:21 _4_FUN Views (29) Comments (0) Recommendations (0)
Summary: Obviously, this is about shell execution, and we can only use the three functions 'system', 'exec', 'highlight' to execute Linux shell comman [Read more]
posted @ 2021-08-16 18:20 _4_FUN Views (21) Comments (0) Recommendations (0)
Summary: We get nothing, so we are going to inspect the hint. The hint is easy to associate with that prevailing meme -- remove everything and [Read more]
posted @ 2021-08-15 20:27 _4_FUN Views (27) Comments (0) Recommendations (0)
Summary: Unfortunately, the '~' operator, which we always used, is filtered. But we can still use BINARY to construct the payload we need. [Read more]
posted @ 2021-08-14 17:30 _4_FUN Views (34) Comments (0) Recommendations (0)
Summary: According to the page above, we can input an IP address and then ping it. We are going to figure out what the page returns. It returns all [Read more]
posted @ 2021-08-13 22:02 _4_FUN Views (33) Comments (0) Recommendations (0)
Summary: It's a typical One Word Trojan; we can use AntSword (you can download this tool from GitHub) to penetrate the above. 'Shell pwd' is the POST [Read more]
posted @ 2021-08-12 17:03 _4_FUN Views (46) Comments (0) Recommendations (0)
Summary: The hint on the web page tells us to request this URI with a specific IP address. What attribute represents the host IP address? The answer is 'X- [Read more]
posted @ 2021-08-11 21:33 _4_FUN Views (35) Comments (0) Recommendations (0)
Summary: We need to send a parameter 'a' whose value is '1' using the GET method. You know that appending something to the URI, like '?a=1', is the GET method, so the [Read more]
posted @ 2021-08-10 21:08 _4_FUN Views (26) Comments (0) Recommendations (0)
Summary: We notice that the first condition needs us to send a parameter 'a' which is equal to 0 and is a TRUE value. So if the parameter 'a' is 0, it represents FA [Read more]
posted @ 2021-08-09 22:18 _4_FUN Views (17) Comments (0) Recommendations (0)
Summary: It's a simple login page, so first we capture an HTTP header with BurpSuite to analyze. The annotation hints that the true username is admin and th [Read more]
posted @ 2021-08-08 23:41 _4_FUN Views (28) Comments (0) Recommendations (0)