ezPOP1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950<?phperror_reporting(0);highlight_file(__FILE__);class AAA{ public $s; public $a; publi

web334下载附件后解压 有两个文件：login.js user.js 123456//login.jsvar findUser = function(name, password){return users.find(function(item){return name!=='CTFSHOW' && item.username === n

圣杯战争！！！123456789101112131415161718192021222324252627282930313233343536373839404142<?phphighlight_file(__FILE__);error_reporting(0);class artifact{ public $excalibuer; public $arrow; p

Geek Challenge 2023easy_php123456789101112131415161718192021222324252627282930<?phpheader('Content-type:text/html;charset=utf-8');error_reporting(0);highlight_file(__FILE__);include_once(

xss-labslevel-1（url中get传参—JS弹窗函数alert()） 12345<?php ini_set("display_errors", 0);$str = $_GET["name"];echo "<h2 align=center>欢迎用户".$str."</h2>";?

ctfshow xss做题前需要搭建网站接收flag 2.php代码如下 123456<?php $flag=$_GET['c'];$file=fopen('flag.txt','w+');fwrite($file,$flag);fclose($file);?> 接收GET传来的参数，并写在flag.php中 xss总结 w

ssrfweb3511234567891011<?phperror_reporting(0);highlight_file(__FILE__);$url=$_POST['url'];$ch=curl_init($url);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER,

web[Week 1] signin信息收集，查看源码发现assets/index-33309f51.js，打开后在页面最底部可发现一个sourceMappingURL=index-33309f51.js.map,猜测可能是sourcemap文件泄露 /assets/index-33309f51.js.map下载文件，找到flag [Week 1] baby_php1234567891011121

PHPvar_dump( ) 以列的形式展开数据，方便查看 scandir( ) 扫描某一文件夹目录 file_get_contents( ) 读取文件，拼接用’.’ 如num=file_get_contents(chr(47).chr(102).chr(49).chr(97).chr(103).chr(103)) base_convert() 函数 在任意进制之间转换数字，返回一个字符

MoectfWeb-http123456789this is GET method,your mission:1.use parameter: UwU=u2.post **form**: Luv=u3.use admin character4.request from 127.0.0.15.use browser 'MoeBrowser'Complete All Mission