_4_FUN

摘要： Well, maybe the operator '~' is scarce or not be utilized frequently, therefore it still not be filtered. 阅读全文

摘要： Open the web page, it shows a button you can't click. So we inspect the source code. We find the code "disabled=''" , it gives the button that specifi 阅读全文

摘要： Inspect the regular expression condition whether contans '~', if not ,go ahead with the previous payload '~~1000'. 阅读全文

摘要： Luckily, the addtional regular expression dose not contains the prefix '~', so wo still could exploit that payload '~~1000' to bypass the filiter. Don 阅读全文

摘要： Obviously, in comparision to 萌新web2，here adding additional filter conditions that regular expression can match those stuff: 'or', '-', '\', '*', '<', 阅读全文

摘要： This is similar to 萌新web1, but the only difference between them is here adding the function preg_match() that is a regular expression to filter 'or' a 阅读全文

摘要： We notice that it's related to bypassing. The below annotation reminds us that the true id is 1000, so we need bypass the function intval(). In order 阅读全文

摘要： The knowledge point of this question is cookie what contains some necessary information about personal status so that Web server could remember you. W 阅读全文

摘要： So the hint is very obvious :) .bak uesd to be the postfix of backup file. Download this backup file and the flag is hidden in source code. 阅读全文

摘要： It is a blank web page. So get the help from the hint: X老师上课讲了Robots协议，小宁同学却上课打了瞌睡，赶紧来教教小宁Robots协议是什么吧。 Robots Protocal is uesd to constrain the range 阅读全文