blog_comment's Issues
Anheng Cup January 2019 contest (web) | Lou00's blog
https://blog.lou00.top/2019/11/25/%E5%AE%89%E6%81%92%E6%9D%AF2019%E4%B8%80%E6%9C%88%E8%B5%9B(web)/
babyGo <?php @error_reporting(1); include 'flag.php'; class baby { protected $sk
bytectf 2019 web challenge reproduction | Lou00's blog
https://blog.lou00.top/2019/11/25/bytectf%202019%20web%E9%A2%98%E5%A4%8D%E7%8E%B0/
boring_code Environment: https://github.com/glzjin/bytectf_2019_boring_code Solution: visit http://127.0.0.1:8302/code/ <?php function is_valid_url($url) { if
SUCTF-2019 web writeup | Lou00's blog
https://blog.lou00.top/2019/11/25/SUCTF-2019%20web%E9%A2%98%E8%A7%A3/
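web Challenge source: https://github.com/team-su/SUCTF-2019 CheckIn: a file upload challenge. If the file extension is found to contain "ph", an error is raised. The file name is not otherwise restricted and is not changed by the backend. The file content is restricted: <? may not be used. An image file header is also required (adding GIF89a is enough to get past it). The upload directory contains an index.php. The backend is nginx. First upload a 123.png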
Debugging the PHP-FPM + Nginx vulnerability (CVE-2019-11043) with vscode | Hexo
Environment setup. php-fpm: set the maximum number of child processes to 1. [www] ... pm = static ... pm.max_children = 1 nginx: location ~ [^/].php(/|$) { root /PATH/TO/WEBROOT; fastcgi_split_path_info ^(.+?.php)(
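shiro ≦ 1.2.4 deserialization study | Lou00's blog
Introduction to shiro: shiro is a security framework that handles authentication, authorization, enterprise session management and cryptography. Environment: git clone https://github.com/apache/shiro.git; cd shiro; git checkout shiro-root-1.2.4; cd ./samples/web; mvn package. There are a few pitfalls: the default JDK is 1.6; jstl-1.2.jar has to be downloaded yourself; you can use the following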
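PHP extension development - using an extension to capture the page response in PHP | Lou00's blog
First published at https://xz.aliyun.com/t/5996 Motivation: I wanted to capture the response returned by a page through a PHP extension. Source implementation of ob_start: first look at the implementation of ob_start, which is in main/output.c and main/php_output.h. PHP_FUNCTION(ob_start){ zval *output_handler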
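Notes on PHP compilation and execution - the Zend virtual machine | Lou00's blog
Execution flow. opline: an opline is an execution instruction defined by ZendVM; the compiler is responsible for translating PHP code into instructions that ZendVM can recognize (that is, oplines). The structure of an opline instruction is zend_op. struct _zend_op { const void *handler; /* the C function that performs the execution, i.e. every opcode is handled by a C function */ z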
JNDI injection | Lou00's blog
https://blog.lou00.top/2019/11/25/JNDI%E6%B3%A8%E5%85%A5/
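Preface: this vulnerability is on JDK 1.7; after jdk8u191, com.sun.jndi.ldap.object.trustURLCodebase is set to false, which restricts remote loading of class files. This article first covers the injection method before jdk8u191 and then the bypass after jdk8u191. JNDI: Java Naming and Directory Interface. Simply put, JNDI provides a set of generic interfaces that let applications conveniently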
tp5.1.x 5.2.x deserialization chain | Lou00's blog
https://blog.lou00.top/2019/11/25/tp5.1.x%205.2.x%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E9%93%BE/
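Preface: I saw a brand-new deserialization chain in a writeup for the n1ctf2019 competition, so I am recording it here. Environment: tp5.1.38; after setting up the environment, remember to run composer install. Analysis: first, a deserialization entry point is provided directly. public function test($test = '') { unserialize($test); return 1; } First is the entry point /var/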
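PHP extension development - replacing the implementation of PHP internal functions | Lou00's blog
I have been reading PHP's internal source code lately; it has been a bit frustrating, but I did get something out of it. Approach: create a new extension, find the corresponding function implementation from within the extension, and then replace that implementation with your own. Some key functions and definitions. INTERNAL_FUNCTION_PARAME: this macro represents a function's entire parameter list. CG(function_table): all functions in PHP are stored in one large HashTable at execution time; this HashTable is function_t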
D^3ctf 2019 Official Writeup ezupload | Hexo
https://blog.lou00.top/2019/11/27/D3ctf-2019-Official-Writeup-ezupload/
Topics tested: glob:// brute force, writing a shell through file upload. Challenge description: webroot in /var/www/html hint1: webroot changes every 10 mins hint2: glob hint3: https://www.php.net/manual/en/language.oop5.decon.php Pay attention to the notes in the a
Friend links | Hexo
tp5.1.x 5.2.x deserialization chain | Hexo
https://blog.lou00.top/2019/11/25/tp5.1.x%205.2.x%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E9%93%BE/
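Preface: I saw a brand-new deserialization chain in a writeup for the n1ctf2019 competition, so I am recording it here. Environment: tp5.1.38; after setting up the environment, remember to run composer install. Analysis: first, a deserialization entry point is provided directly. public function test($test = '') { unserialize($test); return 1; } First is the entry point /var/
X-NUCA 2019 online round web writeup | Lou00's blog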
https://blog.lou00.top/2019/11/25/X-NUCA%202019%E7%BA%BF%E4%B8%8A%E8%B5%9B%20web%E9%A2%98%E8%A7%A3/
Environment: https://github.com/NeSE-Team/OurChallenges ezphp <?php $files = scandir('./'); foreach($files as $file) { if(is_fil
Jenkins RCE analysis (CVE-2018-1000861) | Lou00's blog
https://blog.lou00.top/2019/11/25/Jenkins%20RCE%E5%88%86%E6%9E%90(CVE-2018-1000861)/
Preface: taken as a whole, without any plugins this looks more like a privilege-bypass vulnerability, with RCE then reached through CVEs in plugins. There are parts of the reference article that I did not fully digest, so I am recording them here. Affected scope: ANONYMOUS_READ disable: Jenkins version < 2.138. ANONYMOUS_READ enable (or with a normal user account): Jenkins build time < 201
Forging a mysql server to read arbitrary files | Lou00's blog
Use cases: the install page of some CMSs asks you to supply a mysql server; by forging a mysql server, arbitrary files on the CMS's server can be read. It can also be used in a honeypot. Reproduction: first use the following script to interact with a normal mysql server. <?php $mysqli = new mysqli("127.0.0.1", "root", "123456", "mysql", 3306); if (!$my
S2-001 study notes | Hexo
https://blog.lou00.top/2019/11/25/S2-001%E5%AD%A6%E4%B9%A0%E8%AE%B0%E5%BD%95/
Environment: https://github.com/vulhub/vulhub/blob/master/struts2/s2-001/S2-001.war Affected: WebWork 2.1 (with altSyntax enabled), WebWork 2.2.0 - WebWork 2.2.5, Struts 2.0.0 - Struts 2.0.8 Root cause: in translateVariables, a loop parses the
Notes on PHP compilation and execution - PHP execution | Lou00's blog
The ZendVM executor consists of the following two parts: handlers and the dispatcher. handler: a single opcode has different handlers for different operand types, up to 25 of them. Handlers are defined in Zend/zend_vm_def.hcf, but that file is not used at compile time; after modifying it, you need to run the zend_vm_gen.php script in the Zend directory to generate the actual handler file: zend_vm_execute.h. ZEND_ECHO is the echo operation's opco
roarctf2019 web challenge writeup collection | Hexo
Preface: looking over the Roarctf2019 challenges, several of them have multiple solutions, so I am recording them here. Environment: according to the organizers, it has been released on BUUCTF. Simple Upload <?php namespace Home\Controller; use Think\Controller; class IndexController