1. Brute forcing, including MD5, brute-forcing random numbers, CAPTCHA recognition, etc.
2. WAF bypass, including assorted MySQL bypasses, bypassing file-read keyword detection and other interception
3. Abusing several PHP features, including weak typing, strpos and ===, deserialization + destruct, \0 truncation, iconv truncation
4. Cryptography problems, including hash length extension, XOR, variants of shift ciphers, 32-bit random numbers being too small
5. Assorted techniques for finding source code, including Git, SVN, xxx.php.swp, *www*.(zip|tar.gz|rar|7z), xxx.php.bak
6. File upload, including assorted file suffixes (.php345, .inc, .phtml, .phpt, .phps) and various file content checks
7. MySQL type differences, including behaviour similar to PHP weak typing, 0x, 0b, 1e and so on, and conversion between varchar and integer
8. Assorted open_basedir and disable_functions bypass techniques, including dl, mail, imagick, the bash vulnerability, DirectoryIterator, and various approaches borrowed from binary players
9. Race conditions, including racing the deletion to create a shell first, and racing a database without locks for more money
10. Social engineering, including assorted searches of social-engineering databases, Weibo, QQ signatures, Whois
11. Windows features, including short file names, IIS parsing vulnerabilities, NTFS file system wildcard characters, ::$DATA, colon truncation
12. SSRF, including assorted port probing, 302 redirects, assorted protocol abuse, getting a shell directly via gopher, etc.
13. XSS, including bypasses of various browser auditors, rich-text filter blacklist and whitelist bypasses, Flash XSS, CSP bypass
14. XXE, including the various places XML appears (RSS/Word/streaming media) and various ways of exploiting XXE (SSRF, file read)
15. Protocols, including assorted IP spoofing via X-Forwarded-For/X-Client-IP/X-Real-IP/CDN-Src-IP, assorted User-Agent changes, assorted flag hiding, assorted packet analysis
15 web knowledge routines in CTF challenges