[2021DASCTF实战精英夏令营暨DASCTF July X CBCTF 4th]realNoOutput
| ID: | 5790 |
|---|---|
| 标题: | [2021DASCTF实战精英夏令营暨DASCTF July X CBCTF 4th]realNoOutput |
| 描述: | None |
| 类型: | Pwn |
| 网站: | BUUCTF |
| 题目链接: | https://buuoj.cn/challenges#[2021DASCTF实战精英夏令营暨DASCTF July X CBCTF 4th]realNoOutput |
| 赛事: | 2021DASCTF实战精英夏令营暨DASCTF July X CBCTF 4th |
| 年度: | 2021 |
| Flag值: | cybercms预期解为后台登录处SQL注入写入一句话木马,通过构造Payload实现注入。 |
| writeup: |
https://miaotony.xyz/2021/08/10/CTF_2021DASCTF_July_cybercms/ jspxcms通过zip解压功能目录穿越漏洞上传war包获取flag。 https://cloud.tencent.com/developer/article/2070025 ezrce利用Node.js全局mock脚本实现远程代码执行。 https://cloud.tencent.com/developer/article/2070025 |