♥CTF-Web Resource Sharing♥

Published on 2022-10-05


author:bilala

PHP Security Features

Notes on the parse_url() function:

https://skysec.top/2017/12/15/parse-url%E5%87%BD%E6%95%B0%E5%B0%8F%E8%AE%B0/

PHP temporary file mechanism: https://www.anquanke.com/post/id/183046?from=groupmessage

Hash comparison flaws: https://blog.csdn.net/mochu7777777/article/details/114494427

SQL

A very comprehensive SQL summary: https://mp.weixin.qq.com/s/vdUoQU2WS7zf0EKHFYKNvg

Another very comprehensive summary: https://www.anquanke.com/post/id/254168

An extremely detailed summary of blind injection: https://www.gem-love.com/2022/01/26/%E4%B8%80%E6%96%87%E6%90%9E%E5%AE%9AMySQL%E7%9B%B2%E6%B3%A8/

Exploiting two special kinds of blind injection in CTFs: https://www.secpulse.com/archives/153095.html

WAF bypass techniques in MySQL: https://www.cnblogs.com/R0ser1/p/14832719.html

Second-order injection: https://www.jianshu.com/p/3fe7904683ac

floor() error-based injection: https://blog.csdn.net/zpy1998zpy/article/details/80650540

SQL prepared statements in MySQL: https://www.cnblogs.com/geaozhang/p/9891338.html

Quine as a challenge topic: https://www.anquanke.com/post/id/253570

File Inclusion

Summary of PHP pseudo-protocols: https://segmentfault.com/a/1190000018991087

PHP Filter pseudo-protocol tricks: https://blog.csdn.net/gental_z/article/details/122303393

In-depth exploitation of PHP Filter: https://www.anquanke.com/post/id/202510

RCE

PHP bypass disable_function:

https://segmentfault.com/a/1190000038646341

https://blog.csdn.net/qq_44657899/article/details/109171760?utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7Edefault-2.no_search_link&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7Edefault-2.no_search_link

Using GCONV_PATH and iconv to bypass disable_function: https://blog.csdn.net/qq_42303523/article/details/117911859

Parameterless RCE: https://skysec.top/2019/03/29/PHP-Parametric-Function-RCE/

Webshells without letters or digits:

http://t.zoukankan.com/v01cano-p-11736722.html

https://www.leavesongs.com/PENETRATION/webshell-without-alphanum.html

https://www.leavesongs.com/PENETRATION/webshell-without-alphanum-advanced.html

https://blog.csdn.net/miuzzx/article/details/109143413

Linux reverse shell: https://xz.aliyun.com/t/2549

SSRF

A fairly content-rich article: https://www.freebuf.com/articles/web/260806.html

Exploiting SSRF with and without response echo: https://xz.aliyun.com/t/6373

Another article with a lot of content: https://blog.csdn.net/u010726042/article/details/77806775

Deserialization

A very comprehensive summary: https://y4tacker.blog.csdn.net/article/details/113588692

Exploiting PHP native classes:

https://www.anquanke.com/post/id/238482

https://mp.weixin.qq.com/s/PrIwbUtc8KoqWcVsWte_Rg

https://mp.weixin.qq.com/s/uNcPHMMq0vRvf-ZQ6oZ8_g

SSRF via SoapClient class deserialization: https://zhuanlan.zhihu.com/p/80918004

phar, with explanation and local reproduction:

https://xz.aliyun.com/t/2715

https://www.freebuf.com/articles/web/205943.html

https://paper.seebug.org/680/

Low-level source code analysis of phar://: https://guokeya.github.io/post/uxwHLckwx/

Session deserialization, with principles, local reproduction and example challenges:

https://www.cnblogs.com/litlife/p/10748506.html

https://xz.aliyun.com/t/7366

https://mp.weixin.qq.com/s/VoUSSb7ISbOJS4ixgjmZMg

SSTI

A fairly comprehensive article: https://www.cnblogs.com/20175211lyz/p/11425368.html

SSTI in jinja2: https://blog.csdn.net/u011377996/article/details/86776181

flask: https://xz.aliyun.com/t/3679

CVE

log4j2: https://www.cnblogs.com/gaojia-hackerone/p/15689369.html

log4j WAF bypass: https://www.cnblogs.com/ph4nt0mer/p/15701647.html

Trick

Exploiting the PCRE backtrack limit in PHP: https://www.leavesongs.com/PENETRATION/use-pcre-backtrack-limit-to-bypass-restrict.html

A fairly complete collection of PHP tricks in CTFs: https://www.anquanke.com/post/id/244494

Not sure how to categorize these 😁

Explains concepts such as CGI and PHP-CGI:

https://segmentfault.com/a/1190000009066688#:~:text=CGI%E5%85%A8%E7%A7%B0%E6%98%AF%E2%80%9C%E5%85%AC%E5%85%B1%E7%BD%91%E5%85%B3,php%2Cperl%2Ctcl%E7%AD%89%E3%80%82