Analysis : Introduce 위 사진을 보면 fast-json-patch 모듈의 applyPatch() 메서드를 이용해서 a라는 메서드를 패치 시켜주는데, 이때 내부 오퍼레이션에 의해서 Prototype Pollution 취약점이 발생한다. 인자로는 2개의 값을 보내주는 것을 볼 수 있다. 첫 번째 인자는 패치할 주체가 들어가고, 두 번...

The online_compiler challenge is bypass the disable_functions and get the flag. First at challenge, Given the back-end code and php.ini file. When execute the php code at back-end you just nee...

I solved one challenge for web (Web) diveinternal [50 pts] The diveinternal challenge is to get a flag using an ssrf vulenrability. var express = require('express'); var request = requir...

(Web) Tar Inspector [994 pts] Tar Inspector challenge is get the shell using RCE and read the flag Many people asked for a hint and the contest provided the code for the secure_filename() fun...

(Web) Baby SQLi [170 pts] Baby SQLi challenge is bypass of waf and using shell command. First, You can using .system/.shell/.sh command and execute shell command in SQLite3 // SQLite3 CLI sq...