BUUCTF [ACTF2020 Freshman Competition] Include1
2022-04-23 09:19:00 【Partition CC】
Open the target and find that

Press F12 to check the source code: the URL suggests there may be a file inclusion vulnerability: ?file=flag.php

Clicking on tips, the page jumps to "Can you find out the flag?"

From this we judge that a PHP pseudo-protocol can be used.
Construct the payload in the following format:
?file=php://../../resource=flag.php
(When the php://filter pseudo-protocol is combined with an include function, the php://filter stream is treated as a PHP file and executed. So we usually encode it to prevent it from executing, which results in an arbitrary file read.)
(If you use the php://filter pseudo-protocol for file inclusion, you need to add read=convert.base64-encode to encode the contents of the file.)
The PHP pseudo-protocol payload for this challenge is as follows:
?file=php://filter/read=convert.base64-encode/resource=flag.php
Press Enter.

This returns a block of Base64-encoded text.

Use a Base64 conversion tool to decode it into the flag.
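
As an added example (not part of the original write-up), this Python sketch shows how a defender can spot the technique in web server logs: it flags request parameters whose value begins with a PHP stream wrapper and breaks a php://filter value into its filter chain and target resource. It goes beyond the page's single payload by covering other PHP wrappers and nested percent-encoding; the log lines, IP address and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# PHP stream wrappers that should never appear in an include/page parameter.
WRAPPER_RE = re.compile(r"^(?:(php|phar|zip|expect|glob|file)://|(data):)", re.I)
FILTER_RE = re.compile(r"^php://filter/(.*)$", re.I | re.S)
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_unquote(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %2570hp://) so it cannot hide a wrapper."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(log_line):
    """Return (param, wrapper, filters, resource) for each wrapper-valued parameter."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    findings = []
    query = m.group(1).partition("?")[2]
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_unquote(raw).strip()
        w = WRAPPER_RE.match(value)
        if not w:
            continue
        filters, resource = [], None
        f = FILTER_RE.match(value)
        if f:  # split php://filter/<filter chain>/resource=<target>
            spec, _, resource = f.group(1).partition("resource=")
            for part in spec.strip("/").split("/"):
                chain = part.split("=", 1)[-1]  # drop an optional read=/write= prefix
                filters += [x for x in chain.split("|") if x]
        wrapper = (w.group(1) or w.group(2)).lower()
        findings.append((name, wrapper, filters, resource or None))
    return findings

# Constructed access-log lines (combined log format); not taken from the challenge server.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Apr/2022:09:19:00 +0000] "GET /?file=flag.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [23/Apr/2022:09:19:20 +0000] "GET /?file=php://filter/read=convert.base64-encode/resource=flag.php HTTP/1.1" 200 980',
    '203.0.113.7 - - [23/Apr/2022:09:19:41 +0000] "GET /?file=PHP%253A%252F%252Ffilter%252Fconvert.base64-encode%252Fresource%253Dflag.php HTTP/1.1" 200 980',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(inspect_request(line) or "clean")
```

A finding whose filter list contains convert.base64-encode and whose resource is a .php file is the source-disclosure pattern described above; the lasting fix on the server side is to map the parameter to an allowlist of page names instead of passing it to include.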
Copyright notice
This article was created by [Partition CC]. Please include a link to the original when reposting. Thanks.
https://yzsam.com/2022/04/202204230630141948.html