Buuctf [actf2020 freshman competition] include1
2022-04-23 09:19:00 【Partition CC】
Open the target and find that
Press F12 to view the page source: the URL takes a ?file=flag.php parameter, so a file inclusion vulnerability may exist.
Clicking the tips link jumps to a page that says "Can you find out the flag?"
From this we judge that a PHP pseudo-protocol can be used.
Construct the payload in the following format
?file=php://../../resource=flag.php
(When the php://filter pseudo-protocol is passed to an include function, the php://filter stream is treated as a PHP file and executed. So we usually encode it to prevent it from executing, which results in an arbitrary file read.)
(If you use the php://filter pseudo-protocol for file inclusion, you need to add read=convert.base64-encode to encode the contents of the file.)
The PHP pseudo-protocol payload for this challenge is as follows
?file=php://filter/read=convert.base64-encode/resource=flag.php
Press Enter
The page returns a string of Base64-encoded text
Use a Base64 conversion tool to decode it into the flag
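Seen from the server side, this request is easy to recognise in an access log. The Python sketch below is an added example, not part of the original write-up: it flags request lines whose `file` parameter carries a php://filter read, and goes slightly further by also flagging other PHP stream wrappers and `..` path segments after undoing layered percent-encoding. The function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# PHP stream-wrapper schemes that have no business in an include path parameter.
WRAPPER_RE = re.compile(
    r"^\s*(php|phar|zip|glob|expect|file|ftps?|https?|data|compress\.(?:zlib|bzip2)):", re.I)
FILTER_RE = re.compile(r"^\s*php://filter/", re.I)

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding (parse_qsl has already removed one layer)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_request(request_line, param="file"):
    """Classify one 'METHOD target PROTO' request line; None means nothing suspicious."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    query = parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True)
    for value in (fully_decode(v) for k, v in query if k == param):
        if FILTER_RE.match(value):
            # resource= names the file whose source the response would disclose
            return ("php-filter-read", value.partition("resource=")[2] or "?")
        wrapper = WRAPPER_RE.match(value)
        if wrapper:
            return ("stream-wrapper", wrapper.group(1).lower())
        if ".." in value.replace("\\", "/").split("/"):
            return ("path-traversal", value)
    return None

# Constructed sample request lines, not taken from a real server log.
SAMPLE_LOG = [
    "GET /?file=flag.php HTTP/1.1",
    "GET /?file=php://filter/read=convert.base64-encode/resource=flag.php HTTP/1.1",
    "GET /?file=%2570hp%253A%252F%252Ffilter%252Fresource%253Dflag.php HTTP/1.1",
    "GET /?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /?page=2 HTTP/1.1",
]

def scan(lines):
    return [(line, hit) for line in lines if (hit := classify_request(line))]

if __name__ == "__main__":
    for line, hit in scan(SAMPLE_LOG):
        print(hit, "<-", line)
```

Detection of this kind complements the actual fix, which is to map the parameter to a fixed allow-list of files on the server instead of passing it to include.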
Copyright notice
This article was written by [Partition CC]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204230630141948.html