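Yangcheng Cup 2022 wp rce_me It's odd: why is $_SERVER["QUERY_STRING"] used to match against the black box? Later I realized it can be bypassed with URL encoding. Attempts with phpinput and similar methods failed because allow_url_include=0. Considered sess file inclusion + race condition; reference: https://blog.csdn.net/qq_4308561…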
Pengcheng Cup Ez_java Analysis: looking at the source, this part stands out; it tests deserialization @ResponseBody @PostMapping({"/read"}) public String read(@RequestParam(name = "data", required = true) String data) throws IO…
d3ctf·rome If you want to convert to Base64, just add this: ByteArrayOutputStream baos = new ByteArrayOutputStream(); ObjectOutputStream oos = new ObjectOutputStream(baos); oos.writeObject(map); oos.close();…
[2022 Hufu]ezchain Code audit static class MyHandler implements HttpHandler { public void handle(HttpExchange t) throws IOException { String query = t.getRequestURI().getQuery(); Map&l…