본문 바로가기

Web

[Hacktivity] Arbitrary file read via ffmpeg HLS parser at https://www.flickr.com/photos/upload(https://www.flickr.com/photos/upload에서 ffmpeg HLS 파서를 통해 임의 파일 읽기) Summary: FFmpeg is a video and audio software that is used for generating previews and for converting videos. Your current installation allows HLS playlists that contain references to external files, which leads to local file disclosure. Steps to Reproduce: 1.Download the attached file. READ__etc_passwd.avi (F413554) 2.Go to https://www.flickr.com/photos/upload/ and upload the attached file. 3.N.. 더보기
Fiddler Inspectors(response tab) 주석모음, beautifier 피들러 설치 경로의 Inspector 디렉터리에 복사 붙여넣기 주석모음 C:\피들러설치경로\Inspectors\CommentExtractor.dll (정규식 하나라서 엉뚱한걸 많이 긁어옴..) jsToBeautifier https://github.com/beautify-web/js-beautify https://github.com/denis-ivanov/Jsbeautifier C:\피들러설치경로\Inspectors\jsTobeautify.dll 더보기
php 5.3+ 에서 strcmp 구문 0 리턴 https://cryptixctf.com/web4/login.php include_once 'flag.php'; if($_SERVER["REQUEST_METHOD"] == "POST"){ if(isset($_POST["ID"])&&isset($_POST["pwd"])){ if(strcmp($secretpassphrase, $_POST["pwd"]) == 0){ echo "Hey, you are in! " . $_POST["ID"] . " "; if($_POST["ID"] == "SuperUser1337"){ echo "Your Flag: " . $flag; } }else{ echo "no"; } } } php 5.3+의 경우 strcmp 구문에서 배열형식으로 접근되는 경우 0을 리턴한다. ID=Super.. 더보기