2018/08/19

· CTF/2018
Category : pwnable nc pwn01.grandprix.whitehatvn.com 26129file: material.grandprix.whitehatvn.com/pwn01 Summary : stack bof, bypass system call && filename filtering * bypass flag filename filtering (/home/gift/flag.txt) - default[original] monitor : /home/gift/ target : /home/gift/ [open('./aa/../flag.txt')] monitor : real_path(/home/gift/./aa/../flag.txt) = /home/gift/flag.txt ( filtered!!! ) ..
· CTF/2018
Category : Web hacking http://web03.grandprix.whitehatvn.com:1337/ Summary : interspire Email Marketer service, header injection, 1 day, sql injection (1) find admin page (2) get admin permission Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypasshttps://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html..
pwn3r_45
'2018/08/19 글 목록