ctfshow-web355,356(SSRF)
2022-07-01 07:06:00 【m0_ sixty-two million ninety-four thousand eight hundred and fo】
web-355
```php
<?php
error_reporting(0);
highlight_file(__FILE__);
$url=$_POST['url'];
$x=parse_url($url);
// Only http and https URLs are accepted
if($x['scheme']==='http'||$x['scheme']==='https'){
    $host=$x['host'];
    // The only restriction on the target: the host string is at most 5 characters
    if((strlen($host)<=5)){
        $ch=curl_init($url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $result=curl_exec($ch);
        curl_close($ch);
        echo ($result);
    }
    else{
        die('hacker');
    }
}
else{
    die('hacker');
}
?>
```

The host may be at most 5 characters long, so 127.0.0.1 has to be shortened to fit: it can be written as 127.1 or 0.

web-356
```php
<?php
error_reporting(0);
highlight_file(__FILE__);
$url=$_POST['url'];
$x=parse_url($url);
// Only http and https URLs are accepted
if($x['scheme']==='http'||$x['scheme']==='https'){
    $host=$x['host'];
    // Same check as web-355, but the host string is now limited to 3 characters
    if((strlen($host)<=3)){
        $ch=curl_init($url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $result=curl_exec($ch);
        curl_close($ch);
        echo ($result);
    }
    else{
        die('hacker');
    }
}
else{
    die('hacker');
}
?>
```

Payload: url=http://0/flag.php
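A hardened counterpart to the two length checks above, as an added example that is not part of the original post: it validates the address the host resolves to instead of the length of the host string, then pins that address for the request. The function names `ssrf_safe_ip` and `fetch_checked` and the sample URLs are constructed for illustration, and the check covers IPv4 only.

```php
<?php
// Added example, not the challenge's code. Function names are hypothetical.

/** Return the IPv4 address the URL's host resolves to, or null if the URL must be refused. */
function ssrf_safe_ip(string $url): ?string {
    $x = parse_url($url);
    if (!is_array($x) || !isset($x['scheme'], $x['host'])) return null;
    if (!in_array(strtolower($x['scheme']), ['http', 'https'], true)) return null;

    // Resolve before judging: the system resolver typically expands short forms such as
    // "0" or "127.1" to a full address. gethostbyname() returns its input unchanged on
    // failure, and an unexpanded string then fails the validation below (fail closed).
    $ip = gethostbyname($x['host']);

    // Refuse loopback, 0.0.0.0/8, link-local and private ranges, whatever the spelling.
    $ok = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    return $ok === false ? null : $ip;
}

function fetch_checked(string $url): string {
    $ip = ssrf_safe_ip($url);
    if ($ip === null) return 'refused';
    $x = parse_url($url);
    $port = $x['port'] ?? (strtolower($x['scheme']) === 'https' ? 443 : 80);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,                        // a redirect could point back inside
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$x['host']}:{$port}:{$ip}"], // connect only to the vetted address
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? 'fetch failed' : $body;
}

// Constructed inputs; only the validation step runs here, so nothing is fetched.
foreach (['http://0/flag.php', 'http://127.1/flag.php', 'http://10.0.0.5/', 'ftp://127.1/'] as $u) {
    printf("%-24s %s\n", $u, ssrf_safe_ip($u) ?? 'refused');
}
```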