{"id":13540143,"url":"https://github.com/chybeta/code-audit-challenges","last_synced_at":"2025-04-04T07:04:27.108Z","repository":{"id":41465429,"uuid":"102992727","full_name":"CHYbeta/Code-Audit-Challenges","owner":"CHYbeta","description":"Code-Audit-Challenges","archived":false,"fork":false,"pushed_at":"2018-11-17T07:35:15.000Z","size":163,"stargazers_count":980,"open_issues_count":5,"forks_count":206,"subscribers_count":37,"default_branch":"master","last_synced_at":"2025-03-28T06:03:33.180Z","etag":null,"topics":["audit-challenges","ctf","nodejs","php","python","security","sql","waf"],"latest_commit_sha":null,"homepage":"https://github.com/CHYbeta/Code-Audit-Challenges","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CHYbeta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-09-10T00:18:13.000Z","updated_at":"2025-03-17T02:01:59.000Z","dependencies_parsed_at":"2022-09-23T05:13:34.300Z","dependency_job_id":null,"html_url":"https://github.com/CHYbeta/Code-Audit-Challenges","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FCode-Audit-Challenges","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FCode-Audit-Challenges/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FCode-Audit-Challenges/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHYbeta%2FCode-Audit-Challenges/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CHYbeta","download_url":"https://codeload.github.com/CHYbeta/Code-Audit-Challenges/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247135141,"owners_count":20889420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit-challenges","ctf","nodejs","php","python","security","sql","waf"],"created_at":"2024-08-01T09:01:41.311Z","updated_at":"2025-04-04T07:04:27.090Z","avatar_url":"https://github.com/CHYbeta.png","language":null,"readme":"# [Code-Audit-Challenges](https://github.com/CHYbeta/Code-Audit-Challenges)\n\n## 说明\n一些有趣的代码审计“小”题目。\n\n1. 为代码审计新手/小白提供一些帮助,为CTF-Web-dog提供一些套路。\n2. 暂时先告诉大家世上最好的语言有：\n     1. [php](https://github.com/CHYbeta/Code-Audit-Challenges#php)\n     2. [python](https://github.com/CHYbeta/Code-Audit-Challenges#python)\n     3. [node-js](https://github.com/CHYbeta/Code-Audit-Challenges#node-js)\n     4. [Ruby](https://github.com/CHYbeta/Code-Audit-Challenges#ruby)\n3. 以后还想告诉大家：java等等也是最好的语言。\n4. 会不断整理更新，删/换部分题目。\n\n## 题目来源：\n+ 各大CTF-OJ平台\n+ 各大CTF赛事\n+ 知识星球等知识分享平台公开部分\n+ 师傅们的想象力\n\n## 注意\n题目中涉及的代码可能不足以直接支撑一个完整的环境，若要本地搭建模拟，请自行修改。\n\n该repo仅就原代码处的有趣点/漏洞点提出说明以及相应的解答。若有好的题目欢迎提供。\n\n---\n## PYTHON \n* [Challenge 1](python/challenge-1.md)：哈希长度扩展攻击\n\n## Node-js\n* [Challenge 1](node-js/challenge-1.md)：文件读取，URL处理\n* [Challenge 2](node-js/challenge-2.md)：SQL注入\n\n\n## Ruby\n* [Challenge 1](ruby/challenge-1.md)：SQL注入\n\n## PHP\n* [Challenge 1](php/challenge-1.md)：phpBug #69892\n* [Challenge 2](php/challenge-2.md)：php弱类型、is_numeric（）、强制类型转换\n* [Challenge 3](php/challenge-3.md)：php配置文件写入问题\n* [Challenge 4](php/challenge-4.md)\n* [Challenge 5](php/challenge-5.md)：webshell、waf绕过\n* [Challenge 6](php/challenge-6.md)：命令执行、waf绕过\n* [Challenge 7](php/challenge-7.md)：php弱类型\n* [Challenge 8](php/challenge-8.md)：SQL注入\n* [Challenge 9](php/challenge-9.md)：php Session 序列化问题\n* [Challenge 10](php/challenge-10.md)：php://input、php弱类型、eregi\n* [Challenge 11](php/challenge-11.md)：SQL注入\n* [Challenge 12](php/challenge-12.md)：命令执行\n* [Challenge 13](php/challenge-13.md)：php弱类型、strcmp比较、ereg\n* [Challenge 14](php/challenge-14.md)：SQL注入\n* [Challenge 15](php/challenge-15.md)：php弱类型\n* [Challenge 16](php/challenge-16.md)：SQL注入、逻辑漏洞\n* [Challenge 17](php/challenge-17.md)：变量覆盖\n* [Challenge 18](php/challenge-18.md)：SQL注入\n* [Challenge 19](php/challenge-19.md)：SQL注入\n* [Challenge 20](php/challenge-20.md)：SQL注入\n* [Challenge 21](php/challenge-21.md)：stripos、php弱类型比较\n* [Challenge 22](php/challenge-22.md)： \n* [Challenge 23](php/challenge-23.md)：变量覆盖\n* [Challenge 24](php/challenge-24.md)：SQL注入\n* [Challenge 25](php/challenge-25.md)：heredoc\n* [Challenge 26](php/challenge-26.md)：php弱类型\n* [Challenge 27](php/challenge-27.md)：php全局变量、$GLOBALS\n* [Challenge 28](php/challenge-28.md)\n* [Challenge 29](php/challenge-29.md)\n* [Challenge 30](php/challenge-30.md)\n* [Challenge 31](php/challenge-31.md)\n* [Challenge 32](php/challenge-32.md)\n* [Challenge 33](php/challenge-33.md)\n* [Challenge 34](php/challenge-34.md)\n* [Challenge 35](php/challenge-35.md)\n* [Challenge 36](php/challenge-36.md)\n* [Challenge 37](php/challenge-37.md)\n* [Challenge 38](php/challenge-38.md)\n* [Challenge 39](php/challenge-39.md)\n* [Challenge 40](php/challenge-40.md)\n* [Challenge 41](php/challenge-41.md)\n* [Challenge 42](php/challenge-42.md)\n* [Challenge 43](php/challenge-43.md)\n* [Challenge 44](php/challenge-44.md)\n* [Challenge 45](php/challenge-45.md)\n* [Challenge 46](php/challenge-46.md)\n* [Challenge 47](php/challenge-47.md)\n* [Challenge 48](php/challenge-48.md)\n* [Challenge 49](php/challenge-49.md)：哈希长度扩展攻击\n* [Challenge 50](php/challenge-50.md)：SQL注入\n* [Challenge 51](php/challenge-51.md)\n* [Challenge 52](php/challenge-52.md)\n* [Challenge 53](php/challenge-53.md)\n* [Challenge 54](php/challenge-54.md)：Padding Oracle\n* [Challenge 55](php/challenge-55.md)：SSRF\n* [Challenge 56](php/challenge-56.md)：SQL注入\n* [Challenge 57](php/challenge-57.md)\n* [Challenge 58](php/challenge-58.md)\n* [Challenge 59](php/challenge-59.md)：hash碰撞\n* [Challenge 60](php/challenge-60.md)：命令执行\n* [Challenge 61](php/challenge-61.md)：SSRF\n* [Challenge 62](php/challenge-62.md)：\n* [Challenge 63](php/challenge-63.md)：\n* [Challenge 64](php/challenge-64.md)：php弱类型，php整型溢出、php伪协议等\n\n\n\n\n\n## 分类\n+ SQL注入\n    + PHP:\n        + [Challenge 8](php/challenge-8.md)\n        + [Challenge 11](php/challenge-11.md)\n        + [Challenge 14](php/challenge-14.md)\n        + [Challenge 16](php/challenge-16.md)\n        + [Challenge 18](php/challenge-18.md) \n        + [Challenge 19](php/challenge-19.md) \n        + [Challenge 20](php/challenge-20.md)\n        + [Challenge 24](php/challenge-24.md)\n        + [Challenge 50](php/challenge-50.md)\n    + Ruby:\n        + [Challenge 1](ruby/challenge-1.md)\n    + Node.js:\n        + [Challenge 2](node-js/challenge-2.md)\n+ 命令执行\n    + PHP:\n        + [Challenge 4](php/challenge-4.md)\n        + [Challenge 6](php/challenge-6.md)\n        + [Challenge 12](php/challenge-12.md)\n        + [Challenge 60](php/challenge-60.md)：命令执行\n\n+ 弱类型比较等\n    + PHP:\n        + [Challenge 1](php/challenge-1.md)\n        + [Challenge 2](php/challenge-2.md)\n        + [Challenge 7](php/challenge-7.md)\n        + [Challenge 10](php/challenge-10.md)\n        + [Challenge 13](php/challenge-13.md)\n        + [Challenge 15](php/challenge-15.md)\n        + [Challenge 21](php/challenge-21.md)\n        + [Challenge 26](php/challenge-26.md)\n        + [Challenge 64](php/challenge-64.md)\n+ 反序列化\n    + PHP:\n        + [Challenge 9](php/challenge-9.md)\n+ 变量覆盖\n    + PHP:\n        + [Challenge 17](php/challenge-17.md)\n        + [Challenge 23](php/challenge-23.md)\n+ 密码学相关\n    + PHP:\n        + [Challenge 49](php/challenge-49.md)\n        + [Challenge 54](php/challenge-54.md)\n        + [Challenge 59](php/challenge-59.md)\n    + PYTHON:\n        + [Challenge 1](python/challenge-1.md)\n+ 其他\n    + PHP:\n        + [Challenge 1](php/challenge-1.md)\n        + [Challenge 3](php/challenge-3.md)\n        + [Challenge 5](php/challenge-5.md)\n        + [Challenge 25](php/challenge-25.md)\n        + [Challenge 27](php/challenge-27.md)\n        + [Challenge 49](php/challenge-49.md)\n        \n    + Node-js:\n        + [Challenge 1](node-js/challenge-1.md)\n---\n\n\n\n","funding_links":[],"categories":["\u003ca id=\"df8a5514775570707cce56bb36ca32c8\"\u003e\u003c/a\u003e审计\u0026\u0026安全审计\u0026\u0026代码审计","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":["\u003ca id=\"34569a6fdce10845eae5fbb029cd8dfa\"\u003e\u003c/a\u003e代码审计"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchybeta%2Fcode-audit-challenges","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchybeta%2Fcode-audit-challenges","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchybeta%2Fcode-audit-challenges/lists"}