FIX: markdown code fensing.
parent
4a058b1802
commit
01d3b4306e
|
@ -15,7 +15,7 @@ votre choix et démarrez y PHP simplement avec le serveur de dev:
|
|||
$ php -S localhost:8080 -d zend.assertions=1
|
||||
```
|
||||
|
||||
Chaque code contient un ``flag``, le but est de récupérer ce flag via
|
||||
Chaque code contient un `flag`, le but est de récupérer ce flag via
|
||||
HTTP. Évidemment vous connaissez le flag à l'avance, vous l'avez vu,
|
||||
vous l'avez copié avec le code, le but reste de réussir à l'obtenir
|
||||
via http://localhost:8000/.
|
||||
|
@ -23,7 +23,6 @@ via http://localhost:8000/.
|
|||
|
||||
## Injection de code
|
||||
|
||||
```
|
||||
<?php
|
||||
|
||||
/* flag: sup3rs3cr3t */
|
||||
|
@ -32,12 +31,11 @@ if (isset($_GET['solve']))
|
|||
echo eval('echo ' . $_GET['solve'] . ';');
|
||||
else
|
||||
echo 'Missing "solve" in query string';
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Injection de code — protection
|
||||
|
||||
```
|
||||
<?php
|
||||
|
||||
/* flag: sup3rs3cr3t */
|
||||
|
@ -54,12 +52,10 @@ if (isset($_GET['solve']))
|
|||
}
|
||||
echo eval('echo ' . $_GET['solve'] . ';');
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
## Basic Auth
|
||||
|
||||
```
|
||||
<?php
|
||||
|
||||
$admin_password = "Just_Imagine_You_Dont_Know_It_" . (string)rand();
|
||||
|
@ -78,12 +74,10 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET' ||
|
|||
|
||||
echo "Access Granted!! You got root!";
|
||||
echo "Flag: Sup3rS3cr3t";
|
||||
```
|
||||
|
||||
|
||||
## File storage
|
||||
|
||||
```
|
||||
<form method="post" enctype="multipart/form-data">
|
||||
<input type="file" name="file">
|
||||
<input type="submit" value="upload">
|
||||
|
@ -92,7 +86,7 @@ echo "Flag: Sup3rS3cr3t";
|
|||
|
||||
<?php
|
||||
|
||||
$mysql_password = 'sup3rs3cr3t';
|
||||
$flag = 'sup3rs3cr3t';
|
||||
|
||||
$uploaddir = './uploads';
|
||||
$whitelist = ['image/jpeg', 'image/png'];
|
||||
|
@ -112,11 +106,10 @@ if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
|
|||
echo 'debug:';
|
||||
|
||||
print_r($_FILES);
|
||||
```
|
||||
|
||||
|
||||
## Assert
|
||||
|
||||
```
|
||||
<?php
|
||||
|
||||
/* flag: super secret */
|
||||
|
@ -137,13 +130,11 @@ ini_set('zend.assertions', '1');
|
|||
|
||||
assert("strlen('" . $_GET["password"] . "') > 3",
|
||||
"Need a longer password");
|
||||
```
|
||||
|
||||
|
||||
## Transtypage
|
||||
|
||||
|
||||
```
|
||||
<?php
|
||||
|
||||
$auth = json_decode($_GET['auth'], TRUE);
|
||||
|
@ -167,12 +158,10 @@ if (!empty($auth))
|
|||
}
|
||||
echo "Need a ?auth= query string with JSON like";
|
||||
echo " {'login': your_login, 'password': your_password}";
|
||||
```
|
||||
|
||||
|
||||
## Harder transtypage
|
||||
|
||||
```
|
||||
<?php
|
||||
|
||||
$auth = json_decode($_GET['auth'], TRUE);
|
||||
|
@ -196,4 +185,3 @@ if (!empty($auth))
|
|||
}
|
||||
echo "Need a ?auth= query string with JSON like";
|
||||
echo " {'login': your_login, 'password': your_password}";
|
||||
```
|