GithubHelp home page GithubHelp logo

chybeta / code-audit-challenges Goto Github PK

View Code? Open in Web Editor NEW
966.0 38.0 206.0 163 KB

Code-Audit-Challenges

Home Page: https://github.com/CHYbeta/Code-Audit-Challenges

php nodejs python security ctf audit-challenges sql waf

code-audit-challenges's Introduction

Code-Audit-Challenges

说明

一些有趣的代码审计“小”题目。

  1. 为代码审计新手/小白提供一些帮助,为CTF-Web-dog提供一些套路。
  2. 暂时先告诉大家世上最好的语言有:
    1. php
    2. python
    3. node-js
    4. Ruby
  3. 以后还想告诉大家:java等等也是最好的语言。
  4. 会不断整理更新,删/换部分题目。

题目来源:

  • 各大CTF-OJ平台
  • 各大CTF赛事
  • 知识星球等知识分享平台公开部分
  • 师傅们的想象力

注意

题目中涉及的代码可能不足以直接支撑一个完整的环境,若要本地搭建模拟,请自行修改。

该repo仅就原代码处的有趣点/漏洞点提出说明以及相应的解答。若有好的题目欢迎提供。

PYTHON

Node-js

Ruby

PHP

分类

code-audit-challenges's People

Contributors

chybeta avatar gitbook-bot avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

wha000tif kingseco 5up3rc 3wapp nickaries ze4lfrog zjuchenyuan qaqppx re13orn tuian jerusalemsbell thanatoskira l1k0r b1gw00d lengyun123456 restran joinbaijun lsr00ter lw1988 flying0er jkme h1d3r gitsucce-zz mo-xiaoxi jumbo-wjb doge-dog wxcstc jayjayxi hiitry opose mehrdad-shokri vincebye f0829 stevenksaint yx568481693 bluebear171 gg00 blacktrace mayter 957204459 yogistudio maplege fzxcp3 zhengyuwu hhdidid shepherdjiangxin lovecppp lhlsec jinyu00 aerfa21 raul1718 jijicanyu a11riseforme 615 f1vet m00zh33 arongmh pcanyi stefanowen guoyu07 ioanlongjing t3hp0rp alaamub geidalaodicha rongqinglee limkokholefork kevinyww w7oami key20 hecbi ddddyyy ionux alexfierascu k0rz3n shadowdiscover bjdudu yuanxzhang xz-zone xncoder fenguopeng security-prince micsoftvn deerluca zkasdla111 dycsy szfsir laworigin zo1ro remkaze h4ck0ne re-expoc silenceblank ith4cker bravery9 yuting-linux jjusttme2 lordsky celdrick superf0sh grayguest

code-audit-challenges's Issues

一点点疑问

首先感谢作者提供这么多的优质资源,其中的某些技巧真的经验到了我;
但是在看到第8关的时候,不是很清楚这一关是在传达什么样的点……看样子好想是排版乱了?期待解答
再次感谢你的贡献

关于challenge-2

看了你给出的solution,你已经解释了is_numeric()函数和(int)xxx强转的区别,但是能解释下:

1、$_GET['time'] < 60 * 60 * 24 * 30 * 2
2、(int)$_GET['time']

这两种的区别吗?因为本题过is_numeric容易,但是后面涉及到字符串和整数比较大小时候,按照php的说法,字符串会转化为integer,为什么在进行数值比较时候的类型转化和通过(int)强转的类型转化结果不一致?而且此题貌似在不同环境其解法不一样。忘解惑。

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.