Skip to content

收集一些原型链污染的题目,用于个人学习。Collect some challenges to study the Prototype Pollution

Notifications You must be signed in to change notification settings

chenlvtang/NodeJsPrototypePollution

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Language : English | 简中

0x00 Sources

chall_4: CTF-Challenge/nodejs/chall_4 at master · meizjm3i/CTF-Challenge (github.com)

8-bit pub: AntCTF-x-D-3CTF/8-bit pub.zip at master · fghcvjk/AntCTF-x-D-3CTF (github.com)

hardjs: OurChallenges/XNUCA2019Qualifier/Web/hardjs at master · NeSE-Team/OurChallenges (github.com)

blueprint: redpwnctf-2019-challenges/web/blueprint at master · redpwn/redpwnctf-2019-challenges (github.com)

thejs: code-breaking/2018/thejs at master · phith0n/code-breaking (github.com)

0x01 EXP

The dictionary which named "exp" saves the solutions(Python Scripts --3.8.2 32bit) to the challenges.

Have fun!

: )

​ -- chenlvtang 2021/08/16

0x02 Difficulty

⭐⭐⭐⭐⭐ IS THE HARDEST

chall_4: ⭐⭐ (easy. U don't have to care about the error when u view the index , just try to hack.)

8-bit pub: ⭐⭐⭐⭐⭐ (I didn't do it. Because it needs Mysql && SMTP && Linux, why don't there are a Dockerfile. SAD....)

hardjs: ⭐⭐⭐⭐ (The origin Dockerfile had some problems, which wasted me a lot of time. I deleted the aliyun mirrors, and changed the mysql to mariadb, and it finally work. But it still failed in the Ubuntu, when i ran it in Kali, ohhhhh, Success. The EXP failed with unknow reason....but I think the exp's logic is right. )

thejs: ⭐⭐⭐⭐ (if u had finished hardjs, this challenge will be very easy)

blueprint: ⭐⭐⭐(Medium, but fun)

About

收集一些原型链污染的题目,用于个人学习。Collect some challenges to study the Prototype Pollution

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published