break_the_calculator
| ID: | 2551 |
|---|---|
| 标题: | break_the_calculator |
| 描述: | Wrote a calculator in JavaScript as beginner project. It worked so well, that I decided to make it public available. |
| 类型: | PWN |
| 网站: | bugku |
| 题目链接: | https://ctf.bugku.com/challenges/detail/id/2734.html |
| 赛事: | GlacierCTF2022 |
| 年度: | 2022 |
| Flag值: | GlacierCTF2022的break_the_calculator题目答案为通过JavaScript代码注入读取服务器文件,具体payload为console.log(process.mainModule.constructor.readFileSync("/app/flag.txt", "utf8"));,验证网址为https://www.madrhacks.org/writeups/glacier-2022/。该网页详细描述了漏洞利用过程,包括代码分析和攻击脚本,确认解题逻辑真实有效。 |
| writeup: | https://www.madrhacks.org/writeups/glacier-2022/ |