X-NUCA 2019 Web WP

Express+lodash+ejs: 从原型链污染到RCE

RCE 的前提是要有原型链污染，原型链污染原理等具体不再赘述

TCTF / 0CTF Ghost Pepper

I still think this challenge is solved by accident, that I don’t think my solution is the official solution.

CTF中有几个MD5绕过的技巧

Update：水完了\龇牙

简述

SSTI全称Server-Side-Template-Injection，即服务端模版注入攻击。