opened ctfshow Of web Get started and brush questions

web1

F12

web2

To open the first F12, Then copy the container URL
official wp:view-source:

web3

burp Grab the bag

web4-6 A little

You need to set the delay scanning

web7

/.git/

web8

/.svn/

web9

/index.php.swp

web10-11 A little

web12

web13

stem ： There should be no sensitive information in the technical documents , After deployment to the production environment, modify the default password in time

Web14

Compiler vulnerability , I've heard that there were many such loopholes before
View source files " <img src="editor/upload/banner-app.png" alt="App">"
There is such a path access /editor/
Insert file —— Found in the file space flag

web15

Follow the prompts
visit /admin page Found a password forgetting operation , You need to enter the address See below the main page QQ mailbox , adopt QQ No. query mailbox , It's from Xi'an Password changed successfully , user name admin Log in successfully and get flag

web16

php probe -phpinfo

web17

Scan the directory to get
backup.sql

web18

if(score>100)
{
var result=window.confirm("\u4f60\u8d62\u4e86\uff0c\u53bb\u5e7a\u5e7a\u96f6\u70b9\u76ae\u7231\u5403\u76ae\u770b\u770b");
}

obtain 110.php

web19

View source code

web20

Scan the background , Download to database . Open the can
flag{ctfshow_old_database}