Web Hacking (91) 썸네일형 리스트형 [Dreamhack] Client Side Template Injection write up #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver from selenium.webdriver.chrome.service import Service import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) nonce = os.urandom(16).hex() try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "value": "value"}): cook.. [Dreamhack] CSRF Advanced write up #!/usr/bin/python3 from flask import Flask, request, render_template, make_response, redirect, url_for from selenium.webdriver.common.by import By from selenium import webdriver from selenium.webdriver.chrome.service import Service from hashlib import md5 import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FL.. [Dreamhack] CSP Bypass Advanced write up #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver from selenium.webdriver.chrome.service import Service import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) nonce = os.urandom(16).hex() try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "value": "value"}): cook.. [Dreamhack] CSP Bypass write up - 티스토리 #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver from selenium.webdriver.chrome.service import Service import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) nonce = os.urandom(16).hex() try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "value": "value"}): cook.. [Draemhack] XSS Filtering Bypass Advanced write up - 티스토 #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver from selenium.webdriver.chrome.service import Service import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "value": "value"}): cookie.update({"domain": "127.0.0.. [Dreamhack] XSS Filtering Bypass write up - 티스토리 #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver from selenium.webdriver.chrome.service import Service import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "value": "value"}): cookie.update({"domain": "127.0.0.. [Dreamhack] blind-command write up - 티스토리 #!/usr/bin/env python3 from flask import Flask, request import os app = Flask(__name__) @app.route('/' , methods=['GET']) def index(): cmd = request.args.get('cmd', '') if not cmd: return "?cmd=[cmd]" if request.method == 'GET': '' else: os.system(cmd) return cmd app.run(host='0.0.0.0', port=8000) GET 메소드가 아닐 경우 cmd로 넘어온 값을 system함수가 실행시킨다. cat flag를 하면 flag를 읽을 수 있을 거 같다. POST 요청 결과 허용되지 않은 메소드.. [Dreamhack] web-ssrf write up - 티스토리 #!/usr/bin/python3 from flask import ( Flask, request, render_template ) import http.server import threading import requests import os, random, base64 from urllib.parse import urlparse app = Flask(__name__) app.secret_key = os.urandom(32) try: FLAG = open("./flag.txt", "r").read() # Flag is here!! except: FLAG = "[**FLAG**]" @app.route("/") def index(): return render_template("index.html") @app... 이전 1 ··· 7 8 9 10 11 12 다음
