Home > Developer > Web Develop

[XCTF Carnival Tour] (web) WEB2 assert function

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

0x00 Topic Analysis

Browse through the page and on the About page, get the following information

Access. git/, page exists.

Use Githack to chop down. Get the source code, and conduct an audit.

The analysis obtained:

1.flag on the flag page, to see the source code to see.

2. Parameter filter: /That is, limited to this directory only

3. The EXISTS function determines the existence of the file.

Ways to solve problems in 0x01

Clarify the idea, to see the source code, there are several methods.

1. System command execution, cat and other functions

2. Function execution, Show_source, etc.

3. Package the files and download them.

The most likely thing here is that the function is executed, although there is a "require_once" below, but because of the limitations of the two statements above, there is no remote inclusion.

Throw code into the software auto-audit.

Obviously, the key is in the Assert function, the Internet to find relevant information.

The function introduction refers to the following pages:

https://www.douban.com/note/217557007/

The understanding of this function is that the function executes the statement inside the parentheses, and the Boolean truth of the sentence inside the brackets is not true, it will prompt warning.

The following is a test of this function.

There is no prompt when it is true.

So, this question.

Notice the closing of the single quotation marks, parentheses, and so forth. The available parameters should be

Page=1 ') = = (Show_source (' templates/flag.php '));//

Find one of these online:

Page= ' and Die (Highlight_file (' templates/flag.php ')) or '

This is written using the second assert, and the final sentence is:

Executes three statements, and the "or" in it can be replaced with "and"

0x02 Summary

Magical php Function: Assert, this function can be used to write horses over dogs, but a word of the dog is too simple.

What questions do not ask the magic conch first?

Continue to learn ~ ~

[XCTF Carnival Tour] (web) WEB2 assert function

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
assert function in java carnival theme background re tour tour golang zro tour dev tour nrf tour

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More