随波逐流信息安全网 www.1o1o.xyz

   [随波逐流]CTF Flags

软件版本:v1.0.0   数据版本: v20260526
序号 Website Type Title Value Writeup Competition Id
1 NSSCTF 脚本编写 [GXYCTF 2019]SXMgdGhpcyBiYXNlPw== flag{fazhazhenhaoting} https://www.onctf.com/posts/83401e0a.html GXYCTF 10960
2 NSSCTF MISC [蓝帽杯 2023 半决赛]Loc4te_P4ssw0rd d2h5I0J1dC5Oby1HMSNr[?]#W4wCg== https://blog.csdn.net/lulu001128/arti... 蓝帽杯 14041
3 ctfshow PWN入门.栈溢出 pwn86 http://www.1o1o.xyz:8080/CSDN/Pwn%E5%... 栈溢出 4939
4 ctfshow WEB入门.嵌入式 web463 https://www.dr0n.top/posts/dc70584a/ 嵌入式 3816
5 NSSCTF office文档破解 [BJDCTF 2020]认真你就输了 flag{M9eVfi2Pcs#} https://blog.csdn.net/YueXuan_521/art... BJDCTF 10584
6 qsnctf Solar月赛-应急响应 nginx-proxy 验证后的网址 _setup_monitoring|https://blog... Solar应急响应 5621
7 BUUCTF Pwn [BJDCTF 2nd]snake_dyn https://moddemod.blog.csdn.net/articl... BJDCTF 2nd 5972
8 bugku Crypto babyrsa flag{us4_s1ge_t0_cal_phI} https://www.cnblogs.com/sbhglqy/p/18109180 DownUnderCTF2020 2591
9 bugku Crypto playground maple{th3_KEY_IS_H4RDC0D3d_1n_THE_B1n4ry} http://www.aynakeya.com/ctf-writeup/2... SaplingCTF2022 1688
10 BUUCTF Real [Spring]CVE-2016-4977 Spring Security OAuth2远程代码执行漏洞(CVE-2016-4977)的漏洞成因是Spring Security OAuth在处理OAuth2认证请求时,若使用了whitelabel视图,response_type参数未经过滤直接作为Spring SpEL表达式解析,导致攻击者可通过构造恶意参数执行任意代码。影响版本包括Spring Security OAuth 1.0.0–1.0.5、2.0.0–2.0.9等 1 3 4。复现步骤包括:1. 使用Vulhub靶场启动环境;2. 构造URL(如http://your-ip:8080/oauth/authorize?response_type=${2*3}&client_id=acme...)验证SpEL表达式执行;3. 通过Python脚本生成反弹shell的base64编码payload并替换至URL中触发 1 3。验证网址为:https://blog.csdn.net/m0_58596609/article/details/124323206 https://www.cnblogs.com/kalixcn/p/18166084 Spring 7440