Buuctf [actf2020 freshman competition] include1

Open the target and find that

F12 Check source code discovery ：url This file may contain a vulnerability     ?file=flag.php

Click on tips The page jumps to Can you find out the flag?

  Judgment can save php Fake protocol

structure payload The format is as follows

?file=php://../../resource=flag.php

（php://filter" Fake protocol " To include , When combined with an include function ,php://filter Flow will be treated as php File execution . So we usually code it , Prevent it from executing , This results in arbitrary file reads .）

（ If you use php://filter Pseudo protocol for File Inclusion , Need to add read=convert.base64-encode To encode the contents of the file ）

This topic php The pseudo protocol code is as follows

?file=php://filter/read=convert.base64-encode/resource=flag.php

enter

  Get a bunch of Base64 code  

utilize Base64 Code conversion tool to convert to flag

​​​​​​Base64 Code conversion tool ,Base64 Encryption and decryption

Big brother, take out your little hand to get rich zan A!