Articles tagged suctf

SUCTF 2018 Web Writeup

0x01 Anonymous

This challenge is a cut-down version of a HITCON 2017 challenge; the payload from that writeup is enough to get the flag.

Reference: https://lorexxar.cn/2017/11/10/hitcon2017-writeup/#baby-h-master-php-2017

0x02 Getshell

Reference: https://www.leavesongs.com/PENETRATION/webshell-without-alphanum.html

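// Upload filter from the challenge; $black_char is defined elsewhere in the challenge source (not shown here).
if ($contents = file_get_contents($_FILES["file"]["tmp_name"])) {
    // The first 5 bytes of the uploaded file are skipped and never checked.
    $data = substr($contents, 5);
    // Reject the upload if the remainder contains any blacklisted string (case-insensitive match).
    foreach ($black_char as $b) {
        if (stripos($data, $b) !== false) {
            die("illegal char");
        }
    }
}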
