A New GitHack Script

Git hack happens when site maintainers use Git to manage the source code of the website but forget to deleting  directory. By accessing  , you can easily find Git information and even the source code of the target website. Sometimes you may see 403 when you are trying to visit that URL, but that is because the access to directories is restricted. In this case, you can still access and download certain files if you know the exact URL to the file.

Continue reading “A New GitHack Script”

全国大学生信息安全竞赛线下赛-Web-Writeup

第九届全国大学生信息安全竞赛 Web攻防

比赛是8月中旬在上海进行的。这套源码一共发现了一个注入和一个后门。其实当时本来很早挖出了后门,但是补的第一波莫名其妙就把服务弄挂了,所以一直没补成,被打到最后还有两个小时,又试了一下,莫名其妙的这次就行了。

Continue reading “全国大学生信息安全竞赛线下赛-Web-Writeup”