Web Hacking/DreamHack

보호되어 있는 글입니다.

"; } return $flag; } else { mysql_query("UPDATE findflag_2 SET $count_column=($query[$count_column] + 1);"); } return $query[$flag_column]; } function get_pw($pw_column){ $query = mysql_fetch_array(mysql_query("select $pw_column from findflag_2 limit 1")); return $query[$pw_column]; } /*****************..

매우매우매우 화난다쉬운문젠데 시간을 너무많이 썼다.소스코드부터 보자#!/usr/bin/python3from flask import Flask, request, render_template, make_response, redirect, url_forfrom selenium.common.exceptions import TimeoutExceptionfrom urllib.parse import urlparsefrom selenium import webdriverfrom selenium.webdriver.chrome.service import Servicefrom hashlib import md5import urllibimport osapp = Flask(__name__)app.secret_key = os.ura..

#!/usr/bin/python3from flask import Flask, request, render_templatefrom selenium import webdriverfrom selenium.webdriver.chrome.service import Serviceimport urllibimport osapp = Flask(__name__)app.secret_key = os.urandom(32)nonce = os.urandom(16).hex()try: FLAG = open("./flag.txt", "r").read()except: FLAG = "[**FLAG**]"def read_url(url, cookie={"name": "name", "value": "value"}): cookie..

CSRF 문제이다. XSS만 풀다보니 CSRF에 대한 지식은 별로 없어서 writeup을 작성하려 한다.#!/usr/bin/python3from flask import Flask, request, render_template, make_response, redirect, url_forfrom selenium.webdriver.common.by import Byfrom selenium import webdriverfrom selenium.webdriver.chrome.service import Servicefrom hashlib import md5import urllibimport osapp = Flask(__name__)app.secret_key = os.urandom(32)try: FLAG = o..