CHYbeta / Code Audit Challenges
Code-Audit-Challenges
Stars: ✭ 779
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Code Audit Challenges
Pwn Sandbox
A sandbox to protect your pwn challenges being pwned in CTF AWD.
Stars: ✭ 81 (-89.6%)
Mutual labels: ctf, waf
Nano Sql
Universal database layer for the client, server & mobile devices. It's like Lego for databases.
Stars: ✭ 717 (-7.96%)
Mutual labels: sql
Modin
Modin: Speed up your Pandas workflows by changing a single line of code
Stars: ✭ 6,639 (+752.25%)
Mutual labels: sql
Janusec
Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (-1.03%)
Mutual labels: waf
Spoilerwall
Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Stars: ✭ 754 (-3.21%)
Mutual labels: ctf
Mycat2
MySQL Proxy using Java NIO based on Sharding SQL,Calcite ,simple and fast
Stars: ✭ 750 (-3.72%)
Mutual labels: sql
Node Typescript Koa Rest
REST API boilerplate using NodeJS and KOA2, typescript. Logging and JWT as middlewares. TypeORM with class-validator, SQL CRUD. Docker included. Swagger docs, actions CI and valuable README
Stars: ✭ 739 (-5.13%)
Mutual labels: sql
Azuredatastudio
Azure Data Studio is a data management tool that enables working with SQL Server, Azure SQL DB and SQL DW from Windows, macOS and Linux.
Stars: ✭ 6,605 (+747.88%)
Mutual labels: sql
Qlbridge
A golang expression evaluator & Library to build SQL query engine based functionality.
Stars: ✭ 721 (-7.45%)
Mutual labels: sql
Nopcommerce
The most popular open-source eCommerce shopping cart solution based on ASP.NET Core
Stars: ✭ 6,827 (+776.38%)
Mutual labels: sql
Mit 15 003 Data Science Tools
Study guides for MIT's 15.003 Data Science Tools
Stars: ✭ 743 (-4.62%)
Mutual labels: sql
Code-Audit-Challenges
说明
一些有趣的代码审计“小”题目。
- 为代码审计新手/小白提供一些帮助,为CTF-Web-dog提供一些套路。
- 暂时先告诉大家世上最好的语言有:
- 以后还想告诉大家:java等等也是最好的语言。
- 会不断整理更新,删/换部分题目。
题目来源:
- 各大CTF-OJ平台
- 各大CTF赛事
- 知识星球等知识分享平台公开部分
- 师傅们的想象力
注意
题目中涉及的代码可能不足以直接支撑一个完整的环境,若要本地搭建模拟,请自行修改。
该repo仅就原代码处的有趣点/漏洞点提出说明以及相应的解答。若有好的题目欢迎提供。
PYTHON
- Challenge 1:哈希长度扩展攻击
Node-js
- Challenge 1:文件读取,URL处理
- Challenge 2:SQL注入
Ruby
- Challenge 1:SQL注入
PHP
- Challenge 1:phpBug #69892
- Challenge 2:php弱类型、is_numeric()、强制类型转换
- Challenge 3:php配置文件写入问题
- Challenge 4
- Challenge 5:webshell、waf绕过
- Challenge 6:命令执行、waf绕过
- Challenge 7:php弱类型
- Challenge 8:SQL注入
- Challenge 9:php Session 序列化问题
- Challenge 10:php://input、php弱类型、eregi
- Challenge 11:SQL注入
- Challenge 12:命令执行
- Challenge 13:php弱类型、strcmp比较、ereg
- Challenge 14:SQL注入
- Challenge 15:php弱类型
- Challenge 16:SQL注入、逻辑漏洞
- Challenge 17:变量覆盖
- Challenge 18:SQL注入
- Challenge 19:SQL注入
- Challenge 20:SQL注入
- Challenge 21:stripos、php弱类型比较
- Challenge 22:
- Challenge 23:变量覆盖
- Challenge 24:SQL注入
- Challenge 25:heredoc
- Challenge 26:php弱类型
- Challenge 27:php全局变量、$GLOBALS
- Challenge 28
- Challenge 29
- Challenge 30
- Challenge 31
- Challenge 32
- Challenge 33
- Challenge 34
- Challenge 35
- Challenge 36
- Challenge 37
- Challenge 38
- Challenge 39
- Challenge 40
- Challenge 41
- Challenge 42
- Challenge 43
- Challenge 44
- Challenge 45
- Challenge 46
- Challenge 47
- Challenge 48
- Challenge 49:哈希长度扩展攻击
- Challenge 50:SQL注入
- Challenge 51
- Challenge 52
- Challenge 53
- Challenge 54:Padding Oracle
- Challenge 55:SSRF
- Challenge 56:SQL注入
- Challenge 57
- Challenge 58
- Challenge 59:hash碰撞
- Challenge 60:命令执行
- Challenge 61:SSRF
- Challenge 62:
- Challenge 63:
- Challenge 64:php弱类型,php整型溢出、php伪协议等
分类
-
SQL注入
-
命令执行
- PHP:
-
弱类型比较等
-
反序列化
- PHP:
-
变量覆盖
- PHP:
-
密码学相关
- PHP:
- PYTHON:
-
其他
-
PHP:
-
Node-js:
-
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].