DASCTF July X CBCTF 4th web part WP

ezrce: Yapi remote command execution vulnerability. YAPI uses mock data / scripts as the intermediate interaction layer; mock data returns fixed content by setting fixed data. For cases where the response content needs to be customized according to the user's request, the mock script processes the ...

Posted by Snatch on Mon, 03 Jan 2022 06:24:19 +0100

CTF_Web: Learn Flask template injection (SSTI) from 0

0x01 Preface: Recently, while working through practice challenges, server-side template injection problems turned out to be common as well. These injection problems are similar; the difference is that different frameworks and different filtering rules may require different final payloads. This paper will take Flask as an example to le ...

Posted by orangehairedboy on Sat, 18 Dec 2021 03:26:28 +0100