Root-me Command injection Filter bypass (looked at the solution)
Command injection - Filter bypass (looked at the solution) 30 Points Ping service v2 Author sambecks, 20 September 2017 Statement Find a vulnerability in this service and exploit it. Some protections were adde...
File upload - ZIP File upload - ZIP Unsafe decompression Author ghozt, 3 August 2017 Statement Your goal is to read index.php file. Solution Zip based exploit levelup.gitconne...
PHP Xdebug Xdebug is a PHP extension; think of it as a PHP debugging tool. Official documentation: xdebug.org/docs/ Debugging Step xdebug.org/docs/step_debug#manual-init The debugging process is as follows. To the server...
PHP - Remote Xdebug 25 Points remote_connect_back Author mayfly, 18 March 2020 Statement Find the file that contains the validation password. 1 related resource(s) xdebug.org...
PHP - register globals Author g0uZ, 8 October 2011 Statement It seems that the developer often leaves backup files around... Solution register_globals and the vulnerability stackoverflow.com/...
PHP - Filters FileManager v 0.01 Author g0uZ, 27 February 2011 Statement Retrieve the administrator password of this application. Solution There is an inc parameter, which takes the page to load as input. ../...
PHP - assert() Read the doc! Author Birdy42, 26 November 2016 Statement Find and exploit the vulnerability to read the file .passwd. Solution When you visit pages such as home or about, as the parameter ?page=h...
JSON Web Token (JWT) - Introduction 20 Points Secure token exchange Author Kn0wledge, 21 August 2019 Statement To validate the challenge, connect as admin. Solution JWT(Json Web...
Insecure Code Management Author Swissky, 29 September 2019 Statement Get the password (in clear text) from the admin account. Solution The related resource points to the git-scm homepage; checking based on that, git...
File upload - Null byte Author g0uZ, 26 December 2012 Statement Your goal is to hack this photo gallery by uploading PHP code. Solution This challenge checks the file extension and the file type, and double exte...