Muuu Nya's Blog



漏洞成因 由于两个代码管理平台均使用了go-macaron作为web框架, 而go-macaron中的session插件并没有对sessioni

HITCON CTF 2018 - Why so Serials? Writeup

HITCON CTF 2018 - Why so Serials? Writeup Description Why so Serials? Shell plz! Author: orange 1 Team solved. 解题思路 绕过后缀名, 读取web.config(SSI) 题目给出了源代码 <%@ Page Language="C#" %> <script runat="server"> protected void Button1_Click(object sender, EventArgs e) { if (FileUpload1.HasFile)

2018 CTF Web Write-up

这比赛就两个web, 真的是太不友好了, 对于一只菜鸡web狗, 两个题目的难度也是一个天上一个地下. WEB Baby PHP (Category: Web) Difficulty: baby PHP is a popular general-purpose scripting language that is especially suited to web development. Fast,

CASW CTF 2018 Web500 Write-up

Description C S A W C T F It is a period of civil war. Rebel hackers, striking from a hidden base, have won their first victory against the evil DBA. During the battle, Rebel spies managed to steal secret plans to the DBA's ultimate weapon, WTF.SQL, an integrated framework with enough buzzwords to host an entire website. Pursued by the DBA's sinister agents, You, the Player, race home aboard your VT100, custodian of the stolen schema that can save the animals and restore freedom to the internet.

Golang中的slice, array和append

引言 在编程语言的设计过程中, array是一个重要的数据结构, 实现array的功能常常需要考虑很多因素, 如: length是否可变? length

Hello World


Hello World 这就是我的第一篇文章了, 那么为什么突然又要重新开始博客计划了呢…. 我也不知道. 哈哈哈哈哈(雾, 还是好好写吧…